Vulnerabilities (CVE)

Filtered by vendor Ruby-lang Subscribe
Filtered by product Rexml
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28965 2 Fedoraproject, Ruby-lang 3 Fedora, Rexml, Ruby 2024-11-21 5.0 MEDIUM 7.5 HIGH
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
CVE-2024-49761 1 Ruby-lang 1 Rexml 2024-11-05 N/A 7.5 HIGH
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
CVE-2024-41123 1 Ruby-lang 1 Rexml 2024-10-10 N/A 7.5 HIGH
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
CVE-2024-41946 1 Ruby-lang 1 Rexml 2024-09-05 N/A 7.5 HIGH
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.