jekyll-last-modified-at-1.3.2.gem: 2 vulnerabilities (highest severity is: 7.5) [main]

<details>
  <summary>📂 Vulnerable Library - <strong>jekyll-last-modified-at-1.3.2.gem</strong></summary>





**Path to dependency file:** /Gemfile.lock

**Path to vulnerable library:** /vendor/cache/jekyll-last-modified-at-1.3.2.gem


</details>


# Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available |
| ------------- | ------------- | ---- | --- | ----- | ----- | ----- | --- | --- |
| [ CVE-2024-49761 ](https://www.mend.io/vulnerability-database/CVE-2024-49761) | 🔴 High | 7.5 | Not Defined | 1.3000001% | rexml-3.3.6.gem | Transitive | N/A | ❌ |
| [ CVE-2025-58767 ](https://www.mend.io/vulnerability-database/CVE-2025-58767) | 🟠 Medium | 5.3 | Not Defined | < 1% | rexml-3.3.6.gem | Transitive | N/A | ❌ |


# Details


<details>
  <summary>
 🔴CVE-2024-49761
  </summary>

### Vulnerable Library - **rexml-3.3.6.gem**

An XML toolkit for Ruby

**Library home page:** [ https://rubygems.org/gems/rexml-3.3.6.gem ](https://rubygems.org/gems/rexml-3.3.6.gem)

**Path to dependency file:** /Gemfile.lock

**Path to vulnerable library:** /vendor/cache/rexml-3.3.6.gem



**Dependency Hierarchy:**


- jekyll-seo-tag-2.8.0.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-algolia-1.7.1.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-last-modified-at-1.3.2.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-menus-0.6.1.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-sitemap-1.4.0.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-tabs-1.1.1.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-feed-0.17.0.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-4.2.1.gem (Root Library)
    - kramdown-parser-gfm-1.1.0.gem
        - kramdown-2.4.0.gem
            - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- octopress-minify-html-1.3.1.gem (Root Library)
    - octopress-hooks-2.6.2.gem
        - jekyll-4.2.1.gem
            - kramdown-parser-gfm-1.1.0.gem
                - kramdown-2.4.0.gem
                    - ❌  **rexml-3.3.6.gem** (Vulnerable Library)




***

### Vulnerability Details

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

**Publish Date:** Oct 28, 2024 02:10 PM

**URL:** [ CVE-2024-49761 ](https://www.mend.io/vulnerability-database/CVE-2024-49761)

**Threat Assessment**

Exploit Maturity:Not Defined

EPSS:1.3000001%

**Score:** 7.5


***
### Suggested Fix

**Type:** Upgrade version

**Origin:** https://www.cve.org/CVERecord?id=CVE-2024-49761

**Release Date:** Oct 28, 2024 02:10 PM

**Fix Resolution :** rexml - 3.3.9


</details>

<details>
  <summary>
 🟠CVE-2025-58767
  </summary>

### Vulnerable Library - **rexml-3.3.6.gem**

An XML toolkit for Ruby

**Library home page:** [ https://rubygems.org/gems/rexml-3.3.6.gem ](https://rubygems.org/gems/rexml-3.3.6.gem)

**Path to dependency file:** /Gemfile.lock

**Path to vulnerable library:** /vendor/cache/rexml-3.3.6.gem



**Dependency Hierarchy:**


- jekyll-seo-tag-2.8.0.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-algolia-1.7.1.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-last-modified-at-1.3.2.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-menus-0.6.1.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-sitemap-1.4.0.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-tabs-1.1.1.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-feed-0.17.0.gem (Root Library)
    - jekyll-4.2.1.gem
        - kramdown-parser-gfm-1.1.0.gem
            - kramdown-2.4.0.gem
                - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- jekyll-4.2.1.gem (Root Library)
    - kramdown-parser-gfm-1.1.0.gem
        - kramdown-2.4.0.gem
            - ❌  **rexml-3.3.6.gem** (Vulnerable Library)


- octopress-minify-html-1.3.1.gem (Root Library)
    - octopress-hooks-2.6.2.gem
        - jekyll-4.2.1.gem
            - kramdown-parser-gfm-1.1.0.gem
                - kramdown-2.4.0.gem
                    - ❌  **rexml-3.3.6.gem** (Vulnerable Library)




***

### Vulnerability Details

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities.

**Publish Date:** Sep 17, 2025 05:45 PM

**URL:** [ CVE-2025-58767 ](https://www.mend.io/vulnerability-database/CVE-2025-58767)

**Threat Assessment**

Exploit Maturity:Not Defined

EPSS:< 1%

**Score:** 5.3


***
### Suggested Fix

**Type:** Upgrade version

**Origin:** https://github.com/advisories/GHSA-c2f4-jgmc-q2r5

**Release Date:** Sep 17, 2025 05:45 PM

**Fix Resolution :** rexml - 3.4.2,https://github.com/ruby/rexml.git - v3.4.2


</details>

[comment]: <> (<MEND_ISSUE_METADATA>{"identifier":"jekyll-last-modified-at-1.3.2.gem","repoName":"documentation","branchName":"main","type":"SCA_DEP"}</MEND_ISSUE_METADATA>)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

jekyll-last-modified-at-1.3.2.gem: 2 vulnerabilities (highest severity is: 7.5) [main] #910

Findings

Details

Vulnerable Library - rexml-3.3.6.gem

Vulnerability Details

Suggested Fix

Vulnerable Library - rexml-3.3.6.gem

Vulnerability Details

Suggested Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Finding	Severity	🎯 CVSS	Exploit Maturity	EPSS	Library	Type	Fixed in	Remediation Available
CVE-2024-49761	🔴 High	7.5	Not Defined	1.3000001%	rexml-3.3.6.gem	Transitive	N/A	❌
CVE-2025-58767	🟠 Medium	5.3	Not Defined	< 1%	rexml-3.3.6.gem	Transitive	N/A	❌

jekyll-last-modified-at-1.3.2.gem: 2 vulnerabilities (highest severity is: 7.5) [main] #910

Description

Findings

Details

Vulnerable Library - rexml-3.3.6.gem

Vulnerability Details

Suggested Fix

Vulnerable Library - rexml-3.3.6.gem

Vulnerability Details

Suggested Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions