REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
References
Configurations
History
05 Sep 2024, 16:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368 - Patch | |
References | () https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4 - Vendor Advisory | |
References | () https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml - Not Applicable | |
References | () https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946 - Vendor Advisory | |
CPE | cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Ruby-lang
Ruby-lang rexml |
01 Aug 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-01 15:15
Updated : 2024-09-05 16:09
NVD link : CVE-2024-41946
Mitre link : CVE-2024-41946
CVE.ORG link : CVE-2024-41946
JSON object : View
Products Affected
ruby-lang
- rexml
CWE
CWE-400
Uncontrolled Resource Consumption