Ruby REXML < 3.3.6 DoS vulnerability

The version of the REXML Ruby library installed on the remote host is prior to 3.3.6. It is, therefore, affected by a DoS vulnerability. The vulnerability lies when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree...

[SECURITY] [DLA 4018-1] ruby2.7 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4018-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 17, 2025 https://wiki.debian.org/LTS -...

CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

SUSE CVE-2024-41946

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...