Lucene search

90 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m., 7 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017613 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can ...

CVSS 7.5, AI score 7.3, EPSS 0.00576
Exploits: 0, References: 4
Tenable Nessus
added 2026/02/10 12:0 a.m., 3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005312)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005312 advisory. REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The...

CVSS 7.5, AI score 8.4, EPSS 0.00679
Exploits: 0, References: 4
Tenable Nessus
added 2026/02/10 12:0 a.m., 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005311 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name...

CVSS 5.9, AI score 8.2, EPSS 0.01167
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-0797

Malware in sbrugna...

CVSS 7.5, AI score 6.5, EPSS 0.00576
Exploits: 0, References: 34
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-2910

Malicious code in bioql PyPI...

CVSS 8.7, AI score 7.1, EPSS 0.01645
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-2666

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6.7, EPSS 0.01167
Exploits: 0, References: 8
Tenable Nessus
added 2025/07/11 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: ruby (CVE-2024-43398)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML tha...

CVSS 5.9, AI score 7.2, EPSS 0.01167
Exploits: 0, References: 2
Ubuntu
added 2025/04/17 12:51 p.m., 5 views

USN-7442-1: Ruby vulnerabilities

It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. CVE-2025-27219 It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions...

CVSS 8.7, AI score 7.1, EPSS 0.01645
Exploits: 0
Ubuntu
added 2025/04/07 1:55 p.m., 79 views

USN-7418-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS, Ubuntu 24.04...

CVSS 7.5, AI score 7.1, EPSS 0.08428
Exploits: 1
Tenable Nessus
added 2025/04/01 12:0 a.m., 11 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-921)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-921 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . If you need to parse untrusted XMLs, you may be impacte...

CVSS 7.5, AI score 7.1, EPSS 0.08428
Exploits: 1, References: 12
Tenable Nessus
added 2025/03/05 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-41123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as...

CVSS 7.5, AI score 6.6, EPSS 0.00239
Exploits: 0, References: 4
Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-41946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API...

CVSS 7.5, AI score 6.6, EPSS 0.00679
Exploits: 0, References: 4
Ubuntu
added 2025/02/13 2:49 a.m., 3 views

USN-7256-2: Ruby regression

USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an...

AI score 5.5
Exploits: 0, References: 1
Debian
added 2025/02/11 10:21 p.m., 4 views

[SECURITY] [DLA 4018-2] ruby2.7 regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4018-2 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès February 11, 2025 https://wiki.debian.org/LTS -...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2025/02/10 12:0 a.m., 11 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1147)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between and x...; ...

CVSS 8.7, AI score 7.5, EPSS 0.01645
Exploits: 0, References: 2
Ubuntu
added 2025/02/06 3:10 a.m., 7 views

USN-7256-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service...

CVSS 5.9, AI score 6.9, EPSS 0.07595
Exploits: 0
Tenable Nessus
added 2025/02/06 12:0 a.m., 8 views

Ubuntu 20.04 LTS : Ruby vulnerabilities (USN-7256-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7256-1 advisory. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An...

CVSS 5.9, AI score 7, EPSS 0.07595
Exploits: 0, References: 3
OSV
added 2025/01/27 7:21 a.m., 12 views

BIT-RUBY-MIN-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS 7.5, AI score 7.5, EPSS 0.00576
Exploits: 0, References: 4
IBM Security Bulletins
added 2025/01/23 9:33 p.m., 31 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.3.6.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml-3.3.6.gem . Vulnerability Details CVEID:CVE-2024-49761 DESCRIPTION: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits...

CVSS 8.7, AI score 6.4, EPSS 0.01645
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2025/01/20 12:0 a.m., 10 views

Debian dla-4018 : libruby2.7 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4018 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4018-2 [email protected] https://www.debian.org/lts/security/...

AI score 5.5
Exploits: 0, References: 2