732 matches found

Vulnrichment
added 2024/05/16 3:13 p.m. · 27 views

CVE-2024-35176 REXML contains a denial of service vulnerability

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...

CVSS 5.3 · AI score 5.3 · EPSS 0.02064
Exploits 1 · References 3
CVE
added 2024/05/16 3:13 p.m. · 350 views

CVE-2024-35176

CVE-2024-35176 affects the Ruby REXML XML toolkit. The vulnerability is a Denial of Service in the REXML gem when parsing XML that contains many

CVSS 5.3 · AI score 6.4 · EPSS 0.02064
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2024/05/16 3:13 p.m. · 23 views

CVE-2024-35176 REXML contains a denial of service vulnerability

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...

CVSS 5.3 · AI score 5.5 · EPSS 0.02064
Exploits 1 · References 3
Debian CVE
added 2024/05/16 3:13 p.m. · 24 views

CVE-2024-35176

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...

CVSS 5.3 · AI score 5.8 · EPSS 0.02064
Exploits 1
Positive Technologies
added 2024/05/16 12:00 a.m. · 10 views

PT-2024-7270 · Ruby +10 · Rexml +10

Name of the Vulnerable Software and Affected Versions: REXML versions prior to 3.2.6; REXML versions prior to 3.3.1; REXML versions prior to 3.3.2; REXML versions prior to 3.3.3. Description: The REXML gem has a denial of service vulnerability when it parses an XML that has many s in an attribute...

CVSS 9.8 · AI score 7 · EPSS 0.02364
Exploits 1 · References 158
Positive Technologies
added 2024/05/16 12:00 a.m. · 4 views

PT-2024-7269

Name of the Vulnerable Software and Affected Versions: REXML versions prior to 3.3.1; REXML versions prior to 3.2.7. Description: The issue is related to denial-of-service vulnerabilities in the REXML gem for Ruby. When parsing XML with many specific characters, such as , the gem may be impacted...

CVSS 8.7 · AI score 7.5 · EPSS 0.02064
Exploits 1 · References 178
Positive Technologies
added 2024/05/16 12:00 a.m. · 4 views

PT-2024-6381

Name of the Vulnerable Software and Affected Versions: REXML gem versions prior to 3.3.3. Description: The REXML gem has some DoS vulnerabilities when it parses an XML that has many specific characters, such as whitespace characters, and , or . This vulnerability is related to uncontrolled resource...

CVSS 8.7 · AI score 7.3 · EPSS 0.02064
Exploits 1 · References 174
RubySec
added 2024/05/16 12:00 a.m. · 33 views

REXML contains a denial of service vulnerability

Impact: The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many s in an attribute value. If you need to parse untrusted XMLs, you may be affected by this vulnerability. Patches: The REXML gem 3.2.7 or later includes the patch to fix this vulnerability. Workarounds: Don...

CVSS 5.3 · AI score 6.4 · EPSS 0.02064
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2024/05/16 12:00 a.m. · 3 views

Ruby security vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language by the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby REXML versions prior to 3.2.6, which stems from a denial of service vulnerability in the REXML gem when parsing attribute...

CVSS 5.3 · AI score 7.2 · EPSS 0.02064
Exploits 1 · References 7
OSV
added 2024/03/06 11:05 a.m. · 30 views

BIT-RUBY-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS 7.5 · AI score 7.7 · EPSS 0.05061
Exploits 0 · References 4
Tenable Nessus
added 2023/09/27 12:00 a.m. · 26 views

Amazon Linux 2 : ruby (ALASRUBY3.0-2023-007)

The version of ruby installed on the remote host is prior to 3.0.1-148. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY3.0-2023-007 advisory. A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML...

CVSS 7.5 · AI score 7.1 · EPSS 0.05061
Exploits 0 · References 4
Tenable Nessus
added 2023/09/27 12:00 a.m. · 82 views

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-006)

The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-006 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP...

CVSS 7.5 · AI score 7.3 · EPSS 0.05061
Exploits 0 · References 6
Amazon
added 2023/09/25 12:00 a.m. · 3 views

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy whi...

CVSS 7.5 · AI score 7 · EPSS 0.05061
Exploits 0
Tenable Nessus
added 2023/09/07 12:00 a.m. · 20 views

Oracle Linux 6 : ruby193-ruby (ELSA-2014-1913)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1913 advisory. - Fix off-by-one stack-based buffer overflow in the encodes function (CVE-2014-4975). Related: rhbz1164004. - Fix REXML billion laughs attack via paramete...

CVSS 5 · AI score 7.7 · EPSS 0.05555
Exploits 2 · References 4
Tenable Nessus
added 2023/08/07 12:00 a.m. · 40 views

AlmaLinux 8 : ruby:2.7 (ALSA-2021:2584)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2584 advisory. ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613). ruby: XML round-trip vulnerability in REXML (CVE-2021-28965). Tenable has extracted the...

CVSS 7.5 · AI score 7.3 · EPSS 0.05061
Exploits 0 · References 4
OpenVAS
added 2023/03/08 12:00 a.m. · 32 views

Debian: Security Advisory (DLA-200-1)

The remote host is missing an update for the Debian DLA-200-1 advisory...

CVSS 5 · AI score 9.6 · EPSS 0.05555
Exploits 2 · References 2
SUSE CVE
added 2023/02/15 5:26 a.m. · 3 views

SUSE CVE-2014-8090

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of...

CVSS 5 · AI score 6.5 · EPSS 0.05555
Exploits 1 · References 6
SUSE CVE
added 2023/02/15 3:43 a.m. · 2 views

SUSE CVE-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS 5.3 · AI score 7.6 · EPSS 0.05061
Exploits 0 · References 14
Oracle Linux
added 2022/11/22 12:00 a.m. · 34 views

pcs security update

0.11.3-4: Fixed ruby socket permissions. Resolves: rhbz2116841. 0.11.3-3: Fixed booth ticket mode value case insensitive; fixed booth sync check whether /etc/booth exists. Resolves: rhbz2026725, rhbz2058243. 0.11.3-2: Fixed 'pcs resource restart' traceback. Resolves: rhbz2102663. 0.11.3-1: ...

CVSS 8.8 · AI score 1.2 · EPSS 0.01825
Exploits 1
Oracle Linux
added 2022/06/30 12:00 a.m. · 41 views

pcs security update

0.11.1-10.el90.1: Updated bundled rubygems: sinatra, rack-protection. Resolves: rhbz2081333. 0.11.1-10: Fixed snmp client; fixed translating resource roles in colocation constraint. Resolves: rhbz2048640. 0.11.1-9: Fixed cluster destroy in web ui; fixed covscan issue in web ui. Resolves: ...

CVSS 7.5 · AI score 7.9 · EPSS 0.02059
Exploits 0