Lucene search
Alpine Linux Development TeamALPINE:CVE-2024-41946HistoryAug 01, 2024 - 3:15 p.m.
CVE-2024-41946
2024-08-0115:15:14
Alpine Linux Development Team
security.alpinelinux.org
2
rexml gem
xml toolkit
ruby
dos vulnerability
sax2
pull parser api
patch
fix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
23.8%
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-main | noarch | ruby-rexml | = 3.2.9-r0 | UNKNOWN |
| Alpine | 3.20-main | noarch | ruby-rexml | = 3.2.9-r0 | UNKNOWN |
| Alpine | 3.19-main | noarch | ruby-rexml | = 3.2.6-r0 | UNKNOWN |
| Alpine | 3.18-main | noarch | ruby-rexml | = 3.2.5-r3 | UNKNOWN |
| Alpine | 3.17-main | noarch | ruby-rexml | = 3.2.5-r2 | UNKNOWN |
Related
osv
osv
CGA-v98j-mcmh-g897
2024-08-13 09:04:45
CVE-2024-41946
2024-08-01 15:15:14
CGA-vh8v-w8jp-44vq
2024-08-13 14:04:56
vulnrichment
vulnrichment
CVE-2024-41946 REXML DoS vulnerability
2024-08-01 14:22:14
redhatcve
redhatcve
CVE-2024-41946
2024-08-05 13:19:00
nvd
nvd
CVE-2024-41946
2024-08-01 15:15:14
github
github
REXML DoS vulnerability
2024-08-02 12:33:15
veracode
veracode
Denial Of Service (DoS)
2024-08-07 09:46:22
cvelist
cvelist
CVE-2024-41946 REXML DoS vulnerability
2024-08-01 14:22:14
debiancve
debiancve
CVE-2024-41946
2024-08-01 15:15:14
wolfi
wolfi
CVE-2024-41946 vulnerabilities
2024-09-19 21:18:36
rubygems
rubygems
DoS vulnerabilities in REXML
2024-07-31 21:00:00
cve
cve
CVE-2024-41946
2024-08-01 15:15:14
nessus
nessus
RHEL 8 : pcs (RHSA-2024:6670)
2024-09-16 00:00:00
Rocky Linux 8 : pcs (RLSA-2024:6670)
2024-09-16 00:00:00
AlmaLinux 8 : pcs (ALSA-2024:6670)
2024-09-17 00:00:00
almalinux
almalinux
Moderate: pcs security update
2024-09-16 00:00:00
redhat
redhat
(RHSA-2024:6702) Moderate: pcs security update
2024-09-16 18:03:09
(RHSA-2024:6703) Moderate: pcs security update
2024-09-16 18:03:16
(RHSA-2024:6670) Moderate: pcs security update
2024-09-16 00:57:19
redos
redos
ROS-20240918-12
2024-09-18 00:00:00
rocky
rocky
pcs security update
2024-09-17 00:54:57
oraclelinux
oraclelinux
pcs security update
2024-09-16 00:00:00
ruby:3.3 security update
2024-09-19 00:00:00
ibm
ibm
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
23.8%
Related for ALPINE:CVE-2024-41946