Manun

**Name of the Vulnerable Software and Affected Versions** REXML gem versions prior to 3.3.9 Ruby 3.1 **Description** The issue is related to a ReDoS vulnerability in the REXML gem when parsing XML with many digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`). This vulnerability can be exploited to perform a denial-of-service attack. The vulnerability does not affect Ruby 3.2 or later. Ruby 3.1 is the only maintained Ruby version that is affected. **Recommendations** For REXML gem versions prior to 3.3.9, update to version 3.3.9 or later to fix the vulnerability. For Ruby 3.1, consider using Ruby 3.2 or later instead, as Ruby 3.1 will reach end-of-life in 2025.