4 matches found
CLSA-2026-1769511237 ruby: Fix of 2 CVEs
CVE-2025-61594: fix incomplete fix for CVE-2025-27221 which allowed credential leaks to persist in URI+ CVE-2025-27221: fix credential leak by correctly truncating userinfo...
Internet Bug Bounty: CVE-2024-43398: DoS vulnerability in REXML
The CVE-2024-43398 vulnerability was a denial-of-service issue in the REXML library due to poor performance when parsing specially crafted XML. This vulnerability was addressed with a patch released by the Ruby team...
UBUNTU-CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference &#x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
Possible remote code execution vulnerability in Action Pack
There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098. Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x Not affected: 5.0+ Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2 Impact ------ Applications that pass unverifi...