mobile-sdk-ios

Update rexml dependency

Open npetrackunit opened this issue 4 months ago • 4 comments

Is your feature request related to a problem? Please describe.
There is a DoS vulnerability in the REXML gem, which is included in the Starscream dependency. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem.

Describe the solution you'd like
Contact Starscream since they are a dependency for your repo, adjust things on your end to remove the issue if possible.

Describe alternatives you've considered
I have contacted that repo directly with a GitHub issue but haven't heard back for 2 weeks about this.

Additional context
Affected versions: REXML gem 3.3.2 or prior

Hi, I am posting this on your repo since I am not getting a response from the Starscream folks. If you could help out with this, that would be great. This issue is being flagged in our project through a company check, and there is nothing I can do to resolve this other than remove your package.

Let me know if there is something else I can do to resolve this. Thanks :)

npetrackunit, Oct 10 '24 13:10