There is an XML round-trip vulnerability in REXML gem bundled with Ruby. https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ CREATE(Triage):(User=admin) [CVE-2021-28965|https://nvd.nist.gov/vuln/detail/CVE-2021-28965]