Ruby · Rexml · CVE-2024-41946
**Name of the Vulnerable Software and Affected Versions**
REXML versions prior to 3.3.3
**Description**
The issue is an uncontrolled resource consumption weakness in the REXML XML toolkit for Ruby. When REXML parses an XML document containing many entity expansions through the SAX2 or pull parser API, the expansions are not limited and parsing can consume enough resources to cause a denial of service. Applications that parse untrusted XML documents with the SAX2 or pull parser API are affected by this issue.
**Recommendations**
For versions prior to 3.3.3, update to REXML gem 3.3.3 or later to fix the vulnerability.
As a temporary workaround, avoid parsing untrusted XML documents with the SAX2 or pull parser API until the gem has been updated.
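A defensive gate for untrusted input, as an added example that is neither part of this advisory nor of REXML itself. The version threshold is the advisory's 3.3.3; the additional refusal of any untrusted document that declares its own entities is a precautionary policy assumed here, and the `installed_rexml_version` helper and its `rexml/rexml` require are assumptions about the gem's layout.

```ruby
# Added example: decide whether untrusted XML may be handed to REXML's
# SAX2 / pull parser API. Not from the advisory or the REXML project.
require "rubygems" # Gem::Version for semantic version comparison

FIXED_REXML_VERSION = "3.3.3".freeze # first release with the fix (from the advisory)

# True when the given REXML version string is at or past the fixed release.
def rexml_fixed?(version)
  Gem::Version.new(version) >= Gem::Version.new(FIXED_REXML_VERSION)
end

# Conservative pre-check: an internal DTD subset with <!ENTITY ...> is the
# construct whose expansion the streaming parsers left unlimited. Matching on
# the raw text deliberately over-approximates (a declaration inside a comment
# or CDATA section also triggers it); for untrusted input that is acceptable.
ENTITY_DECL = /<!ENTITY\b/i

def declares_entities?(xml)
  !!(xml =~ ENTITY_DECL)
end

# :upgrade_rexml   -> installed REXML predates 3.3.3; do not stream-parse untrusted XML
# :reject_entities -> document declares entities; refuse it (assumed policy, not the advisory's)
# :ok              -> safe to pass to the SAX2 / pull parser API
def streaming_parse_allowed(xml, rexml_version)
  return :upgrade_rexml unless rexml_fixed?(rexml_version)
  return :reject_entities if declares_entities?(xml)
  :ok
end

# Reads the version of the REXML gem that is actually loaded (assumption: the
# gem exposes REXML::VERSION via rexml/rexml). Returns nil when REXML is absent.
def installed_rexml_version
  require "rexml/rexml"
  REXML::VERSION
rescue LoadError
  nil
end

# Constructed sample documents (not real inputs): one plain, one with an entity declaration.
SAMPLE_PLAIN = '<?xml version="1.0"?><root><item>ok</item></root>'.freeze
SAMPLE_WITH_ENTITY =
  '<?xml version="1.0"?><!DOCTYPE root [<!ENTITY greet "hello">]><root>&greet;</root>'.freeze

if __FILE__ == $PROGRAM_NAME
  ver = installed_rexml_version || "0.0.0"
  puts "REXML #{ver}: plain -> #{streaming_parse_allowed(SAMPLE_PLAIN, ver)}, " \
       "with entity -> #{streaming_parse_allowed(SAMPLE_WITH_ENTITY, ver)}"
end
```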