CVE-2024-35176 REXML contains a denial of service vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...
CVE-2024-35176
CVE-2024-35176 affects the Ruby REXML XML toolkit. The vulnerability is a Denial of Service in the REXML gem when parsing XML that contains many
CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...
PT-2024-7270
Name of the Vulnerable Software and Affected Versions: REXML versions prior to 3.2.6; REXML versions prior to 3.3.1; REXML versions prior to 3.3.2; REXML versions prior to 3.3.3. Description: The REXML gem has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute...
PT-2024-7269
Name of the Vulnerable Software and Affected Versions: REXML versions prior to 3.3.1; REXML versions prior to 3.2.7. Description: The issue is related to denial-of-service vulnerabilities in the REXML gem for Ruby. When parsing XML with many specific characters, such as , the gem may be impacted...
PT-2024-6381
Name of the Vulnerable Software and Affected Versions: REXML gem versions prior to 3.3.3. Description: The REXML gem has some DoS vulnerabilities when it parses an XML that has many specific characters, such as whitespace characters, and , or . This vulnerability is related to uncontrolled resource...
REXML contains a denial of service vulnerability
Impact: The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many `<`s in an attribute value. If you need to parse untrusted XMLs, you may be affected by this vulnerability. Patches: The REXML gem 3.2.7 or later includes the patch to fix this vulnerability. Workarounds: Don...
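The advisory above recommends two things for anyone who must parse untrusted XML with REXML: upgrade to a patched gem, and otherwise keep hostile input away from the parser. The following is an added example, not code from the advisory or from the rexml project, showing how a service can apply both: a version check, a size cap that rejects an attribute value stuffed with `<` characters before REXML ever sees it, and the REXML::Security expansion limits that cover the older entity-expansion (billion laughs) class of DoS listed further down this page. The module and method names, the 64 KiB cap, the minimum version constant and the sample inputs are assumptions constructed for the demonstration.

```ruby
require "rexml/document"

# Added example (not from the advisory or the rexml project). Wraps REXML
# parsing of untrusted input with the guards a service operator would want.
# All limits below are illustrative choices, not values from the advisory.
module GuardedREXML
  # The listing cites 3.2.7 as the fix for CVE-2024-35176 and 3.3.3 as the
  # floor for the follow-up REXML DoS fixes; use the higher one.
  MIN_REXML = "3.3.3"
  # Hard upper bound on untrusted input; 64 KiB is an assumed, tunable value.
  MAX_BYTES = 64 * 1024

  # REXML::Security caps entity expansion (the "billion laughs" class of DoS,
  # cf. CVE-2014-8090 on this page). REXML defaults are 10_000 expansions and
  # 10_240 bytes of expanded text; tighten the count for untrusted input.
  def self.configure!(expansion_limit: 100, text_limit: 10_240)
    REXML::Security.entity_expansion_limit = expansion_limit
    REXML::Security.entity_expansion_text_limit = text_limit
    true
  end

  # True when the loaded rexml is at least the required version.
  def self.rexml_patched?(min = MIN_REXML)
    Gem::Version.new(REXML::VERSION) >= Gem::Version.new(min)
  end

  # Returns [:ok, document] or [:rejected, reason]. Oversized input is
  # rejected before parsing: this is the workaround for the "many <s in an
  # attribute value" input on a rexml that lacks the 3.2.7 fix.
  def self.parse(xml)
    if xml.bytesize > MAX_BYTES
      return [:rejected, "input too large (#{xml.bytesize} bytes)"]
    end
    doc = REXML::Document.new(xml)
    # REXML expands entities in text lazily; touch the root text now so the
    # expansion limits fire inside this method rather than deep in a caller.
    doc.root&.text
    [:ok, doc]
  rescue StandardError => e
    [:rejected, "#{e.class}: #{e.message}"]
  end
end

# Constructed sample input 1: the input class the advisory describes, a long
# run of "<" inside an attribute value. It is ill-formed XML; rexml before
# 3.2.7 spent excessive CPU on it before rejecting it.
def pathological_attr_xml(count = 200_000)
  "<a b=\"#{'<' * count}\"/>"
end

# Constructed sample input 2: nested entity expansion, 1 + 10 + 100 + 1000
# expansions for depth 3 / fanout 10, well above the limit configured above.
def entity_expansion_xml(depth = 3, fanout = 10)
  decls = ['<!ENTITY lol0 "lol">']
  (1..depth).each do |i|
    decls << %(<!ENTITY lol#{i} "#{"&lol#{i - 1};" * fanout}">)
  end
  "<!DOCTYPE a [#{decls.join}]><a>&lol#{depth};</a>"
end

if __FILE__ == $PROGRAM_NAME
  GuardedREXML.configure!
  puts "rexml #{REXML::VERSION} patched: #{GuardedREXML.rexml_patched?}"
  puts GuardedREXML.parse('<a x="1"><b>hi</b></a>').first
  puts GuardedREXML.parse(pathological_attr_xml).inspect
  puts GuardedREXML.parse(entity_expansion_xml).first
end
```

The size cap is deliberately checked before `REXML::Document.new`, because the quadratic behaviour described in the advisory happens inside the parser; a limit applied afterwards would be too late. On a patched rexml the cap still costs nothing and keeps memory bounded, so it is worth keeping even after upgrading.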
Ruby security vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language created by the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby REXML versions prior to 3.2.6, which stems from a denial of service vulnerability in the REXML gem when parsing attribute...
BIT-RUBY-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...
Amazon Linux 2 : ruby (ALASRUBY3.0-2023-007)
The version of ruby installed on the remote host is prior to 3.0.1-148. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY3.0-2023-007 advisory. A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-006)
The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-006 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP...
Medium: ruby
Issue Overview: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy whi...
Oracle Linux 6 : ruby193-ruby (ELSA-2014-1913)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1913 advisory. - Fix off-by-one stack-based buffer overflow in the encodes function CVE-2014-4975. Related: rhbz1164004 - Fix REXML billion laughs attack via paramete...
AlmaLinux 8 : ruby:2.7 (ALSA-2021:2584)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2584 advisory. ruby: Potential HTTP request smuggling in WEBrick CVE-2020-25613 ruby: XML round-trip vulnerability in REXML CVE-2021-28965 Tenable has extracted the...
Debian: Security Advisory (DLA-200-1)
The remote host is missing an update for the Debian...
SUSE CVE-2014-8090
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of...
SUSE CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...
pcs security update
0.11.3-4 - Fixed ruby socket permissions - Resolves: rhbz2116841 0.11.3-3 - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz2026725 rhbz2058243 0.11.3-2 - Fixed 'pcs resource restart' traceback - Resolves: rhbz2102663 0.11.3-1 -...
pcs security update
0.11.1-10.el90.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081333 0.11.1-10 - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz2048640 0.11.1-9 - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves:...