
48 matches found

OSV
added 2024/07/16 6:15 p.m., 2 views

AZL-45429 CVE-2024-39908 affecting package rubygem-rexml for versions less than 3.2.7-4

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...

CVSS 4.3 | AI score 6.5 | EPSS 0.08335
Exploits: 0 | References: 1
OSV
added 2024/07/16 6:15 p.m., 3 views

UBUNTU-CVE-2024-39908

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...

CVSS 4.3 | AI score 6.8 | EPSS 0.08335
Exploits: 0 | References: 7
RedHat Linux
added 2024/07/11 11:55 a.m., 7 views

REXML: DoS parsing an XML with many `<`s in an attribute value

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...

CVSS 5.3 | AI score 7.2 | EPSS 0.08428
Exploits: 1 | References: 6
Microsoft CVE
added 2024/05/19 7:0 a.m., 2 views

REXML contains a denial of service vulnerability

...

CVSS 5.3 | AI score 7.6 | EPSS 0.08428
Exploits: 1
SUSE CVE
added 2024/05/17 2:53 a.m., 2 views

SUSE CVE-2024-35176

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...

CVSS 5.3 | AI score 6.9 | EPSS 0.08428
Exploits: 1 | References: 6
Snyk
added 2024/05/16 5:44 p.m., 1 view

Uncontrolled Resource Consumption ('Resource Exhaustion')

Overview: rexml is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when parsing an XML that has many `<`s in an attribute value. An attacker can cause a denial of service by exploiting this behavior. Workaround: Th...

CVSS 5.3 | AI score 6.9 | EPSS 0.08428
Exploits: 1 | References: 2
Positive Technologies
added 2024/05/16 12:0 a.m., 2 views

PT-2024-7269

Name of the Vulnerable Software and Affected Versions: REXML versions prior to 3.3.1; REXML versions prior to 3.2.7. Description: The issue is related to denial-of-service vulnerabilities in the REXML gem for Ruby. When parsing XML with many specific characters, such as , the gem may be impacted...

CVSS 8.7 | AI score 7.5 | EPSS 0.08428
Exploits: 1 | References: 178
RedHat Linux
added 2014/11/26 4:9 p.m., 3 views

ruby: REXML incomplete fix for CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of...

CVSS 5 | AI score 6.8 | EPSS 0.15626
Exploits: 2 | References: 5