CVE-2024-41946 REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML document that has many entity expansions with the SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability...
CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML document that has many entity expansions with the SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability...
CVE-2024-41123 REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML document that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities...
CVE-2024-41123
REXML (Ruby) DoS vulnerability CVE-2024-41123 affects the REXML gem in versions prior to 3.3.2, triggered when parsing XML containing specific characters (whitespace, >], ]>). The advisory notes that REXML 3.3.3 and later include patches to fix this issue. Several connected sources corrobor...
Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool (CVE-2024-35176).
Summary: There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details: CVEID: CVE-2024-35176. DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By parsing a specially crafted XML content that contains...
Elektra security vulnerability
Elektra is an OpenStack dashboard open-sourced by SAP Converged Cloud that makes OpenStack more accessible to users. A security vulnerability exists in Elektra that stems from a code injection flaw allowing an authenticated user to craft search terms containing Ruby code ...
REXML security vulnerability
REXML is an open source XML toolkit for Ruby. A security vulnerability exists in REXML versions prior to 3.3.2, which stems from a number of DoS vulnerabilities when parsing XML containing many special characters...
REXML security vulnerability
REXML is an open source XML toolkit for Ruby. A security vulnerability exists in REXML versions prior to 3.3.3, which stems from a DoS vulnerability when parsing XML with many entity expansions...
PT-2024-29664 · Elektra
Name of the Vulnerable Software and Affected Versions: Elektra versions prior to the version containing commit 8bce00be93b95a6512ff68fe86bf9554e486bc02 Description: A code injection issue was discovered in the live search functionality of the Elektra web application, which is built on Ruby on...
PT-2024-6376
Name of the Vulnerable Software and Affected Versions: REXML versions prior to 3.3.3. Description: The issue is related to an uncontrolled resource consumption in the REXML XML toolkit for Ruby. When REXML parses an XML document with many entity expansions using the SAX2 or pull parser API, it can lead to a...
Malicious code in melio-platform-api-client (RubyGems)
Source: ossf-package-analysis cb4e0efafa3bf0645819f2aa88cfdc7778f938470c0984afc5e1f1504df982aa. The OpenSSF Package Analysis project identified 'melio-platform-api-client' @ 5.0.0 (rubygems) as malicious. It is considered malicious because: -...
Malicious code in prnigtest (RubyGems)
Source: ossf-package-analysis 33de2220f578380a865d6c3698c4b14d12094a22c8689b41c0aa1215860ca676. The OpenSSF Package Analysis project identified 'prnigtest' @ 1.0 (rubygems) as malicious. It is considered malicious because: - The package...
Tracks security vulnerability
Tracks is an open source GTD-compatible web application built with Ruby on Rails by TracksApp. A security vulnerability exists in Tracks versions prior to 2.7.1. An attacker could exploit the vulnerability to execute malicious JavaScript in a user's browser environment, which could lead to a credenti...
Fedora 40 : ruby (2024-93575091aa)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-93575091aa advisory. Upgrade to Ruby 3.3.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
USN-6838-1: Ruby vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdoc_options file, a remote attacker could possibly use...
USN-6853-1: Ruby vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 22.04. Description: It was discovered that Ruby incorrectly handled the ungetbyte and ungetc methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain...
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1. An upgraded version of the package is available that resolves this issue...
Photon OS 5.0: Ruby PHSA-2024-5.0-0259
An update of the ruby package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0259. The text itself is copyright (C) VMware, Inc...