3332 matches found
JetBrains YouTrack < 2024.3.47707 Multiple Vulnerabilities
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.47707. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - Potential ReDoS exploit was possible via email header parsing in Helpdesk functionality CVE-2024-50574 - Reflecte...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.13.2 security update
An update is now available for Red Hat OpenShift GitOps v1.13.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SUSE CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
AZL-51908 CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.3.9-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
ALPINE-CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51876 CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51894 CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
Internet Bug Bounty: CVE-2024-49761: ReDoS vulnerability in REXML
CVE-2024-49761 was a ReDoS vulnerability in the REXML gem. The vulnerability was caused by the parsing of XML input with many digits between "&" and "x...;" in a hex numeric character reference. This issue was resolved by updating the REXML gem to version 3.3.9 or later...
CVE-2024-49761
CVE-2024-49761 affects the Ruby ecosystem via the REXML XML toolkit. The vulnerability exists in the REXML gem before 3.3.9, where parsing an XML containing hex numeric character references (&#x...;) with many digits can cause a ReDoS. Ruby 3.2+ is not affected; Ruby 3.1 is the affected maintaine...
CVE-2024-49761 REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
REXML ReDoS vulnerability
Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
GHSA-2RXP-V6PW-CH6M REXML ReDoS vulnerability
Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
CVE-2024-50574
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality...
CVE-2024-50574
In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality...
CVE-2024-50574
JetBrains YouTrack before 2024.3.47707 is affected by CVE-2024-50574: a potential ReDoS via email header parsing in Helpdesk. The issue is described in multiple sources as a denial of service risk with availability impact (per CVSS notes: HIGH). No explicit exploit details or active exploit statu...