Lucene search

21 matches found

Veracode
added 2025/11/03 4:42 a.m., 4 views

Denial Of Service (DoS)

rexml is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of multiple XML declarations during parsing, which allows an attacker to craft malicious XML input that exhausts system resources and causes the application to become unresponsive...

CVSS 5.3 | AI score 8.9 | EPSS 0.00084
Exploits 0 | References 6 | Affected Software 2

Amazon
added 2025/09/29 12:00 a.m., 3 views

Low: ruby3.2

Issue Overview: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches t...

CVSS 5.3 | AI score 7.1 | EPSS 0.00084
Exploits 0

Tenable Nessus
added 2025/09/25 12:00 a.m., 1 view

Ruby REXML 3.3.3 < 3.4.2 DoS vulnerability

The version of the REXML Ruby library installed on the remote host is 3.3.3 prior to 3.4.2. It is, therefore, affected by a DoS vulnerability as referenced in the GHSA-c2f4-jgmc-q2r5 advisory. - REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing...

CVSS 5.3 | AI score 6.7 | EPSS 0.00084
Exploits 0 | References 2

GitHub Security Blog
added 2025/09/17 6:26 p.m., 5 views

REXML has DoS condition when parsing malformed XML file

Impact: The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. Patches: REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...

CVSS 5.3 | AI score 7.1 | EPSS 0.00084
Exploits 0 | References 6 | Affected Software 1

OSV
added 2025/09/17 6:15 p.m., 0 views

UBUNTU-CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...

CVSS 5.3 | AI score 6.9 | EPSS 0.00084
Exploits 0 | References 4

OSV
added 2025/09/17 5:45 p.m., 1 view

CVE-2025-58767 REXML has a DoS condition when parsing malformed XML file

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...

CVSS 5.1 | AI score 6.9 | EPSS 0.00084
Exploits 0 | References 4

Debian CVE
added 2025/09/17 5:45 p.m., 3 views

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...

CVSS 5.3 | AI score 7 | EPSS 0.00084
Exploits 0

CVE
added 2025/09/17 5:45 p.m., 27 views

CVE-2025-58767

CVE-2025-58767 affects the Ruby XML toolkit REXML. The vulnerability exists in the REXML gem for versions 3.3.3–3.4.1 when parsing XML containing multiple XML declarations, leading to a DoS. A fix is available in REXML 3.4.2 and later. Remediate by upgrading to a patched version (3.4.2+). The con...

CVSS 5.3 | AI score 6.8 | EPSS 0.00084
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2025/09/17 12:00 a.m., 3 views

PT-2025-38243

Name of the Vulnerable Software and Affected Versions: REXML versions 3.3.3 through 3.4.1. Description: REXML, an XML toolkit for Ruby, is susceptible to a denial-of-service issue when processing XML data containing multiple XML declarations. Parsing untrusted XMLs may lead to this issue...

CVSS 8.7 | AI score 6.8 | EPSS 0.01645
Exploits 0 | References 54

RubySec
added 2025/09/17 12:00 a.m., 5 views

REXML has DoS condition when parsing malformed XML file

Impact: The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. Patches: REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...

CVSS 5.3 | AI score 7.1 | EPSS 0.00084
Exploits 0 | References 1 | Affected Software 1

OSV
added 2023/10/09 7:23 p.m., 3 views

CLSA-2023-1696879417 python2: Fix of CVE-2022-48565

CVE-2022-48565: Reject XML entity declarations in plist files...

CVSS 9.8 | AI score 6.9 | EPSS 0.07274
Exploits 3 | References 1

Tenable Nessus
added 2014/11/11 12:00 a.m., 32 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.2 update (Moderate) (RHSA-2014:1821)

The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1821 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue...

CVSS 7.1 | AI score 7.2 | EPSS 0.08028
Exploits 0 | References 20

Tenable Nessus
added 2014/11/11 12:00 a.m., 44 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.3.2 update (Moderate) (RHSA-2014:1818)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1818 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue...

CVSS 7.1 | AI score 7.2 | EPSS 0.08028
Exploits 0 | References 20

RedHat Linux
added 2014/11/06 4:47 p.m., 3 views

OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

CVSS 7.1 | AI score 6.7 | EPSS 0.08028
Exploits 0 | References 5

RedHat Linux
added 2014/11/06 4:47 p.m., 9 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.2 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.3.2 and fix one security issue, several bugs, and add various enhancements are now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

CVSS 7.1 | AI score 6.8 | EPSS 0.08028
Exploits 0 | References 3

securityvulns
added 2014/10/14 12:00 a.m., 56 views

[ MDVSA-2014:193 ] xerces-j2

Mandriva Linux Security Advisory MDVSA-2014:193 (http://www.mandriva.com/en/support/security/). Package: xerces-j2. Date: October 1, 2014. Affected: Business Server 1.0. Problem Description: A resource consumption issue was found in the way Xerces-J handl...

CVSS 7.1 | AI score 7.5 | EPSS 0.08028
Exploits 0

OSV
added 2014/10/07 9:22 a.m., 8 views

MGASA-2014-0398 Updated xerces-j2 packages fix CVE-2013-4002

Updated xerces-j2 packages fix security vulnerability: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using...

CVSS 7.1 | AI score 9.3 | EPSS 0.08028
Exploits 0 | References 4

Mageia
added 2014/10/07 9:22 a.m., 46 views

Updated xerces-j2 packages fix CVE-2013-4002

Updated xerces-j2 packages fix security vulnerability: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using...

CVSS 7.1 | AI score 3.1 | EPSS 0.08028
Exploits 0 | References 3

RedHat Linux
added 2013/10/21 5:37 p.m., 9 views

OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

CVSS 7.1 | AI score 6.7 | EPSS 0.08028
Exploits 0 | References 5

RedHat Linux
added 2013/07/16 5:12 p.m., 3 views

OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

CVSS 7.1 | AI score 6.7 | EPSS 0.08028
Exploits 0 | References 5