Lucene search
GitHub_MCVELIST:CVE-2024-35176HistoryMay 16, 2024 - 3:13 p.m.
CVE-2024-35176 REXML contains a denial of service vulnerability
2024-05-1615:13:25
CWE-400
CWE-770
GitHub_M
raw.githubusercontent.com
6
rexml
xml toolkit
ruby
denial of service
vulnerability
untrusted xmls
workaround
0.0004 Low
EPSS
Percentile
15.1%
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don’t parse untrusted XMLs.
Related
veracode
veracode
Denial Of Service (DoS)
2024-05-21 07:21:39
wolfi
wolfi
CVE-2024-35176 vulnerabilities
2024-06-02 09:07:39
osv
osv
REXML contains a denial of service vulnerability
2024-05-16 17:44:04
CVE-2024-35176
2024-05-16 16:15:09
cbl_mariner
cbl_mariner
cgr
cgr
CVE-2024-35176 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2024-35176
2024-05-16 16:15:09
github
github
REXML contains a denial of service vulnerability
2024-05-16 17:44:04
debiancve
debiancve
CVE-2024-35176
2024-05-16 16:15:09
rubygems
rubygems
REXML contains a denial of service vulnerability
2024-05-15 21:00:00