14176 matches found
GHSA-R55C-59QM-VJW6 vulnerabilities
Vulnerabilities for packages: ruby, kube-fluentd-operator, jruby...
CVE-2024-41946 vulnerabilities
Vulnerabilities for packages: ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, jruby, ruby3.1-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby...
CVE-2024-41946 vulnerabilities
Vulnerabilities for packages: ruby, kube-fluentd-operator, jruby...
DEBIAN-CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
AZL-47358 CVE-2024-41946 affecting package rubygem-rexml for versions less than 3.2.7-2
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
AZL-47331 CVE-2024-41946 affecting package ruby for versions less than 3.1.4-7
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
ALPINE-CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41961
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...
AZL-47370 CVE-2024-41946 affecting package ruby for versions less than 3.3.3-2
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
AZL-47376 CVE-2024-41946 affecting package rubygem-rexml for versions less than 3.3.4-1
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41123 vulnerabilities
Vulnerabilities for packages: ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, jruby, ruby3.1-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby...
CVE-2024-41123 vulnerabilities
Vulnerabilities for packages: ruby, kube-fluentd-operator, jruby...
DEBIAN-CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities...
ALPINE-CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities...
UBUNTU-CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
UBUNTU-CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities...
Denial of Service (DoS)
Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Denial of Service DoS via the REXML gem, when parsing an XML document that has many specific characters such as whitespace character, and . Details Denial of Service DoS describes a family of attacks...
CVE-2024-41961 Elektra vulnerable to remote code execution in universal search
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...
CVE-2024-41961
Summary of CVE-2024-41961 (Elektra) : Elektra, a Ruby on Rails-based OpenStack dashboard, contains a code injection vulnerability in its live search functionality. An authenticated user can provide a search term that includes Ruby code, which flows to an eval sink and can execute arbitrary code. ...
CVE-2024-41961 Elektra vulnerable to remote code execution in universal search
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...