RedHat Linux (added 2024/12/12 11:2 p.m.)

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

CVSS 8.7 | AI score 7.3 | EPSS 0.01429 | Exploits 0 | References 7

Redos (added 2024/11/13 12:0 a.m.)

ROS-20241112-06

The vulnerability in the REXML XML toolkit for Ruby is related to inefficient regular expression complexity. Exploitation of the vulnerability could allow a remote attacker to perform a denial-of-service attack using regular expressions...

CVSS 8.7 | AI score 7.2 | EPSS 0.01429 | Exploits 0

Tenable Nessus (added 2024/11/12 12:0 a.m.)

CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-49761)

The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49761 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it...

CVSS 8.7 | AI score 7.5 | EPSS 0.01429 | Exploits 0 | References 2

Tenable Nessus (added 2024/11/08 12:0 a.m.)

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-2895)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull...

CVSS 7.5 | AI score 7.1 | EPSS 0.02064 | Exploits 1 | References 6

BDU FSTEC (added 2024/10/29 12:0 a.m.)

The vulnerability of the XML tools for Ruby REXML, related to uncontrolled resource consumption, allows an attacker to cause a service failure.

The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 5.3 | AI score 6.4 | EPSS 0.02064 | Exploits 1 | References 12 | Affected software 7

BDU FSTEC (added 2024/10/29 12:0 a.m.)

The vulnerability of the XML tools for Ruby REXML relates to uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource leaks. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 5 | AI score 6.2 | EPSS 0.01379 | Exploits 0 | References 11 | Affected software 7

IBM Security Bulletins (added 2024/10/21 3:52 p.m.)

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities

Summary: There are vulnerabilities in Open Source Software (OSS) libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...

CVSS 8.1 | AI score 10 | EPSS 0.24741 | Exploits 7 | Affected software 2

BDU FSTEC (added 2024/09/24 12:0 a.m.)

The vulnerability of the XML tools for Ruby REXML stems from improper restrictions on recursive references to entities in DTDs. This allows attackers to trigger a service failure.

The vulnerability of the XML tools for Ruby REXML is related to improper restrictions on recursive references to entities in DTDs. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

CVSS 5.9 | AI score 6.4 | EPSS 0.01205 | Exploits 0 | References 4 | Affected software 3

IBM Security Bulletins (added 2024/09/17 8:56 a.m.)

Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool.

Summary: There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details: CVEID: CVE-2024-43398. DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By using a specially crafted XML content, a remote...

CVSS 7.5 | AI score 6.2 | EPSS 0.01379 | Exploits 0 | Affected software 1

IBM Security Bulletins (added 2024/08/29 6:53 p.m.)

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.2.8

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml-3.2.8. Vulnerability Details: CVEID: CVE-2024-39908. DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially crafted request...

CVSS 4.3 | AI score 5.6 | EPSS 0.01379 | Exploits 0 | Affected software 1

OSV (added 2024/08/22 3:15 p.m.)

AZL-48154 CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.2.9-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted by this vulnerability...

CVSS 5.9 | AI score 6.5 | EPSS 0.01205 | Exploits 0 | References 1

OSV (added 2024/08/01 3:15 p.m.)

AZL-47376 CVE-2024-41946 affecting package rubygem-rexml for versions less than 3.3.4-1

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability...

CVSS 7.5 | AI score 7.3 | EPSS 0.01192 | Exploits 0 | References 1

OSV (added 2024/08/01 3:15 p.m.)

AZL-47358 CVE-2024-41946 affecting package rubygem-rexml for versions less than 3.2.7-2

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability...

CVSS 7.5 | AI score 6.7 | EPSS 0.01192 | Exploits 0 | References 1

Snyk (added 2024/07/16 7:49 p.m.)

Denial of Service (DoS)

Overview: rexml is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Denial of Service (DoS) through the XML parsing process. An attacker can cause a denial of service by sending specially crafted XML documents that contain many specific characters such as . This...

CVSS 5.3 | AI score 7 | EPSS 0.01379 | Exploits 0 | References 2

OSV (added 2024/07/16 6:15 p.m.)

AZL-45439 CVE-2024-39908 affecting package rubygem-rexml for versions less than 3.3.4-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...

CVSS 4.3 | AI score 6.5 | EPSS 0.01379 | Exploits 0 | References 1

OSV (added 2024/05/16 4:15 p.m.)

AZL-42064 CVE-2024-35176 affecting package rubygem-rexml for versions less than 3.2.8-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...

CVSS 5.3 | AI score 6.4 | EPSS 0.02064 | Exploits 1 | References 1

OSV (added 2024/05/16 4:15 p.m.)

UBUNTU-CVE-2024-35176

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...

CVSS 5.3 | AI score 6.6 | EPSS 0.02064 | Exploits 1 | References 8

OSV (added 2021/04/20 5:1 p.m.)

USN-4922-1 ruby2.3, ruby2.5, ruby2.7 vulnerability

Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack...

CVSS 7.5 | AI score 6.8 | EPSS 0.05061 | Exploits 0 | References 2

RedHat Linux (added 2014/11/26 10:37 p.m.)

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

CVSS 5 | AI score 6.8 | EPSS 0.05493 | Exploits 1 | References 5

RedHat Linux (added 2014/11/26 4:52 p.m.)

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

CVSS 5 | AI score 6.8 | EPSS 0.05493 | Exploits 1 | References 5