Add specs for Regexp used in REXML that was affected by ReDoS vulnera…

…bility
ruby · Jan 30, 2025 · a18013e · a18013e
1 parent d9a4b17
commit a18013e
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/security/cve_2024_49761_spec.rb b/security/cve_2024_49761_spec.rb
@@ -0,0 +1,9 @@
+require_relative '../spec_helper'
+
+ruby_version_is "3.2" do
+  describe "CVE-2024-49761 is resisted by" do
+    it "the Regexp implementation handling that regular expression in linear time" do
+      Regexp.linear_time?(/&#0*((?:\d+)|(?:x[a-fA-F0-9]+));/).should == true
+    end
+  end
+end