24 matches found
Astra Linux - уязвимость в ruby2.5
REXML is an XML toolkit for Ruby. The REXML gem version 3.3.2 has a DoS vulnerability when it parses an XML document that contains many entity expansions using SAX2 or the pull parser API. The REXML gem versions 3.3.3 and later include a patch to fix this vulnerability...
Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-41946)
The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41946 advisory. - REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses a...
CVE-2025-0617
An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service...
CLSA-2025-1746653856 ruby: Fix of 2 CVEs
upgrade rexml version to 3.3.3 - CVE-2024-41946: fix DoS vulnerability when parsing many entity expansions with SAX2 or pull parser API - CVE-2024-41123: fix DoS vulnerability when parsing XML with specific characters...
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
PT-2025-3984 · Hx · Hx
Name of the Vulnerable Software and Affected Versions: HX versions 10.0.0 and earlier Description: An attacker with access to the vulnerable software may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions...
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
OESA-2024-2038 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an...
SUSE CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
ALPINE-CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
DEBIAN-CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
AZL-47376 CVE-2024-41946 affecting package rubygem-rexml for versions less than 3.3.4-1
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
UBUNTU-CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41946 REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41946
CVE-2024-41946 is a Denial of Service (DoS) vulnerability in the Ruby REXML XML toolkit. It affects the REXML gem when parsing XML that contains many entity expansions using SAX2 or the pull parser API. The issue is fixed in REXML gem version 3.3.3 and later; older releases (notably 3.3.2) are vu...