Rexml · Rexml · CVE-2024-43398
**Name of the Vulnerable Software and Affected Versions**
REXML versions prior to 3.3.6
**Description**
The REXML gem has a denial-of-service vulnerability when it parses XML containing many deeply nested elements that carry the same local-name attributes. This issue affects users who parse untrusted XML with the tree parser API, such as `REXML::Document.new`. Users of the other parser APIs, the stream parser API and the SAX2 parser API, are not affected.
**Recommendations**
For versions prior to 3.3.6, update to REXML gem 3.3.6 or later to fix the vulnerability.
If you cannot upgrade immediately, do not parse untrusted XML with the tree parser API; handle that input with the stream parser API or the SAX2 parser API instead.
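The following is an added example, not code from the advisory or from the REXML project. It shows the two checks a practitioner would want: a version gate that compares the loaded `REXML::VERSION` against the fixed release, and a workaround that parses untrusted input with the SAX2 parser API (which the advisory states is unaffected) instead of `REXML::Document.new`, while also capping nesting depth and element count. The `BoundedListener` class, its limits, and the constructed `nested_xml` sample input are assumptions for illustration.

```ruby
require "rexml/document"
require "rexml/parsers/sax2parser"
require "rexml/sax2listener"

# Version that fixes CVE-2024-43398, per the advisory.
FIXED_VERSION = Gem::Version.new("3.3.6")

# Is the loaded REXML (or a given version string) at or above the fixed release?
def rexml_patched?(version = REXML::VERSION)
  Gem::Version.new(version) >= FIXED_VERSION
end

# Constructed sample input: many nested elements sharing the same local-name
# attribute, the shape the advisory describes. Depth is a parameter so the
# example runs quickly on any REXML version.
def nested_xml(depth)
  "<root>" + ("<a name='x'>" * depth) + "text" + ("</a>" * depth) + "</root>"
end

# Hypothetical workaround listener: receives SAX2 events and aborts parsing as
# soon as untrusted input exceeds the configured depth or element limits.
class BoundedListener
  include REXML::SAX2Listener

  class LimitExceeded < StandardError; end

  attr_reader :max_depth_seen, :element_count

  def initialize(max_depth:, max_elements:)
    @max_depth = max_depth
    @max_elements = max_elements
    @depth = 0
    @max_depth_seen = 0
    @element_count = 0
  end

  # SAX2 start_element(uri, localname, qname, attributes)
  def start_element(_uri, _localname, _qname, _attributes)
    @depth += 1
    @element_count += 1
    @max_depth_seen = @depth if @depth > @max_depth_seen
    raise LimitExceeded, "depth #{@depth} exceeds #{@max_depth}" if @depth > @max_depth
    raise LimitExceeded, "element count #{@element_count} exceeds #{@max_elements}" if @element_count > @max_elements
  end

  # SAX2 end_element(uri, localname, qname)
  def end_element(_uri, _localname, _qname)
    @depth -= 1
  end
end

# Parse untrusted XML with the SAX2 parser API instead of the tree parser API.
# Returns a summary hash rather than building a document tree. Limits are
# illustrative defaults, not values from the advisory.
def parse_untrusted(xml, max_depth: 64, max_elements: 10_000)
  listener = BoundedListener.new(max_depth: max_depth, max_elements: max_elements)
  parser = REXML::Parsers::SAX2Parser.new(xml)
  parser.listen(listener)
  parser.parse
  { ok: true, depth: listener.max_depth_seen, elements: listener.element_count }
rescue BoundedListener::LimitExceeded => e
  { ok: false, error: e.message }
end

if __FILE__ == $PROGRAM_NAME
  puts "REXML #{REXML::VERSION} patched for CVE-2024-43398: #{rexml_patched?}"
  puts parse_untrusted(nested_xml(10)).inspect
  puts parse_untrusted(nested_xml(200), max_depth: 50).inspect
end
```

The version gate is what belongs in a deployment check or test suite; the bounded SAX2 parse is what to reach for on the input path while the upgrade is pending, since it never constructs the element tree that the affected API builds.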