Medium: ruby3.2

🗓️ 01 Apr 2025 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 2 Views

REXML DoS flaws in Ruby gem; upgrade to patched versions 3.2.7+, 3.3.2+, 3.3.3+, 3.3.6+.

Reporter	Title	Published	Views	Family All 507
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Ruby REXML denial of service vulnerability [ CVE-2024-35176]	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities	21 Oct 202415:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software	27 Feb 202519:51	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) may affect IBM watsonx Assistant for IBM Cloud Pak for Data	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool.	17 Sep 202408:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.2.6	29 Aug 202418:55	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool (CVE-2024-35176).	1 Aug 202410:31	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores	28 Jan 202521:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	15 Apr 202503:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.2.8	29 Aug 202418:53	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	ruby3.2	3.2.7-183.amzn2023.0.1	ruby3.2-3.2.7-183.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	ruby3.2	3.2.7-183.amzn2023.0.1	ruby3.2-3.2.7-183.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	ruby3.2-bundled-gems	3.2.7-183.amzn2023.0.1	ruby3.2-bundled-gems-3.2.7-183.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	ruby3.2-bundled-gems	3.2.7-183.amzn2023.0.1	ruby3.2-bundled-gems-3.2.7-183.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	ruby3.2-bundled-gems-debuginfo	3.2.7-183.amzn2023.0.1	ruby3.2-bundled-gems-debuginfo-3.2.7-183.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	ruby3.2-bundled-gems-debuginfo	3.2.7-183.amzn2023.0.1	ruby3.2-bundled-gems-debuginfo-3.2.7-183.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	ruby3.2-debuginfo	3.2.7-183.amzn2023.0.1	ruby3.2-debuginfo-3.2.7-183.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	ruby3.2-debuginfo	3.2.7-183.amzn2023.0.1	ruby3.2-debuginfo-3.2.7-183.amzn2023.0.1.x86_64.rpm
Amazon Linux	2	aarch64	ruby3.2-debugsource	3.2.7-183.amzn2023.0.1	ruby3.2-debugsource-3.2.7-183.amzn2023.0.1.aarch64.rpm
Amazon Linux	2	x86_64	ruby3.2-debugsource	3.2.7-183.amzn2023.0.1	ruby3.2-debugsource-3.2.7-183.amzn2023.0.1.x86_64.rpm

01 Apr 2025 00:00Current

8.9High risk

Vulners AI Score8.9

CVSS 3.15.9 - 7.5

EPSS0.07595

SSVC

REXML Ruby gem Denial of service Untrusted XML Upgrade required Patched releases Version 3.2.7 Version 3.3.2 Version 3.3.3 Version 3.3.6