14179 matches found
ROS-20241029-02
A vulnerability in the Action Dispatch component of the Ruby interpreter with the Action Pack extension is related to bugs in the procedures for filtering Action Dispatch request parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...
ROS-20241029-09
A vulnerability in the plaintextforblockquotenode function of the Ruby interpreter with the Action Text Gem extension is related to the execution of the function for an unexpectedly large amount of time. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial o...
ROS-20241029-11
A vulnerability in the blockformat function of the Ruby interpreter with the Action Mailer Gem extension is related to the execution of the function for an unexpectedly large amount of time. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2024-49761
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
DEBIAN-CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 vulnerabilities
Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, logstash, ruby3.3-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.1-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, jruby, ruby...
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51894 CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51908 CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.3.9-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
ALPINE-CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51904 CVE-2024-49761 affecting package ruby for versions less than 3.3.5-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 vulnerabilities
Vulnerabilities for packages: jruby, kube-fluentd-operator, logstash, ruby...
AZL-51876 CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
UBUNTU-CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761
CVE-2024-49761 affects the Ruby ecosystem via the REXML XML toolkit. The vulnerability exists in the REXML gem before 3.3.9, where parsing an XML containing hex numeric character references (&#x...;) with many digits can cause a ReDoS. Ruby 3.2+ is not affected; Ruby 3.1 is the affected maintaine...
CVE-2024-49761 REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...