3 matches found
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
CVE-2024-41946
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file. Mitigation Mitigation for this issue is either not...
Improper Input Validation
Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Improper Input Validation. When parsing and serializing a crafted XML document, REXML gem including the one bundled with Ruby can create a wrong XML document whose structure is different from the...