Sofiaaberegg

#18678 of 53,632
14.4 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2025-38243
7.5
2025-09-17
Rexml · Rexml · CVE-2025-58767
**Name of the Vulnerable Software and Affected Versions** REXML versions 3.3.3 through 3.4.1

**Description** REXML, an XML toolkit for Ruby, is susceptible to a denial-of-service issue when processing XML data containing multiple XML declarations. Parsing untrusted XMLs may lead to this issue.

**Recommendations** Update to REXML version 3.4.2 or later. Avoid parsing untrusted XMLs.
PT-2025-26220
6.9
2025-06-19
Jq · Jq · CVE-2025-49014
**Name of the Vulnerable Software and Affected Versions** jq version 1.8.0

**Description** A heap use after free issue exists within the function `f_strflocaltime` of `/src/builtin.c`. This is a problem in a command-line JSON processor.

**Recommendations** For version 1.8.0, consider restricting access to the `f_strflocaltime` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.