CVE-2025-10990
REXML Project · REXML
A high-severity flaw was identified in the REXML library, a Ruby-based XML toolkit, which could lead to service disruption or data exposure.
Executive summary
The REXML library is affected by a security flaw that could allow attackers to cause system instability or gain unauthorized access to data through malicious XML processing.
Vulnerability
The vulnerability exists within the REXML XML parsing library. While the specific mechanism is not detailed, XML parsing vulnerabilities typically involve XML External Entity (XXE) injection or Denial of Service (DoS) via resource exhaustion, potentially exploitable by unauthenticated users sending crafted XML payloads.
Business impact
Exploitation of this flaw could result in the disclosure of local files or a complete denial of service for any Ruby application that uses the REXML library. The CVSS score of 7.5 indicates a high severity, as it can directly impact the availability and confidentiality of the host system.
Remediation
Immediate Action: Update the REXML gem to the latest patched version through your Ruby environment's package manager (e.g., bundle update rexml).
Proactive Monitoring: Monitor application logs for XML parsing errors or unusually high CPU/memory consumption that may indicate an attempted exploitation.
Compensating Controls: Implement strict input validation for all XML data and disable external entity resolution in the REXML configuration if the application logic allows.
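One way to apply the compensating controls above in a Ruby application, as an added example that is not code from the REXML project or from this advisory: tighten REXML's built-in entity expansion limits (REXML::Security.entity_expansion_limit and entity_expansion_text_limit are real REXML settings) and reject any untrusted document that carries a DOCTYPE or ENTITY declaration before it reaches the parser. The byte limit, the helper names, the exception class and the sample documents are assumptions for this illustration; the DOCTYPE rejection only suits applications whose XML never legitimately uses one.

```ruby
require 'rexml/document'

# Constructed limit for untrusted input; tune to the application.
MAX_XML_BYTES = 1_000_000

# Lower REXML's entity expansion limits (library defaults: 10_000 expansions,
# 10_240 bytes of expanded text) so a crafted document trips them early.
REXML::Security.entity_expansion_limit = 100
REXML::Security.entity_expansion_text_limit = 1_024

# Constructed sample inputs: one ordinary document, one that declares an entity.
SAFE_SAMPLE = '<order><item id="1">widget</item></order>'
DOCTYPE_SAMPLE = '<!DOCTYPE o [<!ENTITY e "x">]><order>&e;</order>'

class UntrustedXmlError < StandardError; end

# Returns nil when the input passes the pre-parse checks, otherwise a short
# reason string that is safe to write to application logs. Entities (internal
# or external) can only be declared inside a DOCTYPE, so refusing DOCTYPE and
# ENTITY markup removes both the XXE and the entity-expansion input classes.
def xml_input_problem(xml)
  return "too large (#{xml.bytesize} bytes)" if xml.bytesize > MAX_XML_BYTES
  return 'DOCTYPE declaration present' if xml.match?(/<!DOCTYPE/i)
  return 'ENTITY declaration present' if xml.match?(/<!ENTITY/i)
  nil
end

# Parse untrusted XML. Raises UntrustedXmlError when the pre-parse checks
# reject the input or when REXML itself refuses it (including its own
# entity expansion limits), so callers have a single place to log and alert on.
def parse_untrusted_xml(xml)
  problem = xml_input_problem(xml)
  raise UntrustedXmlError, "rejected XML input: #{problem}" if problem

  REXML::Document.new(xml)
rescue REXML::ParseException => e
  raise UntrustedXmlError, "REXML parse error: #{e.message.lines.first.strip}"
end
```

Log every UntrustedXmlError with the client identity; a burst of them is exactly the "attempted exploitation" signal the monitoring step above looks for.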
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability should be treated with high urgency due to its potential impact on application stability and data security. Developers and administrators must apply the updated REXML gem immediately to all affected environments.