2 matches found
CLSA-2026-1776952176 ruby: Fix of 4 CVEs
CVE-2024-39908: fix ReDoS in REXML parser for repeated / character reference payloads - CVE-2024-41123: fix ReDoS in REXML source.match when no terminator string is specified - CVE-2024-41946: add XML entity expansion limit to REXML SAX and pull parsers - CVE-2024-43398: fix DoS via deep elements...
The vulnerability of the libexpat library for analyzing XML files stems from an incorrect limitation on XML references to external objects, which allows a hacker to trigger a service failure.
The vulnerability of the libexpat library for analyzing XML files is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures through a specially created XML file...