I keep hearing about the XML round trip vulnerability in version 3.2.4 of the Ruby package REXML. I looked into it myself, of course, and it seems to have something to do with parsing an XML document, then putting it back into XML again, and it coming out incorrect or just different than the original.
Presumably, it can be different in dangerous ways.
Is that correct? Can someone link me to resources that explicate this kind of vulnerability, or perhaps help me (and anyone else in the future) understand exactly how this works?