CVE-2021-28965
The CVE-2021-28965 issue concerns the Ruby REXML library: specifically the REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1. The root cause is improper handling of XML round-trips, which can produce an incorrect XML document after parsing and serializing. Seve...
CVE-2024-41946
CVE-2024-41946 is a Denial of Service (DoS) vulnerability in the Ruby REXML XML toolkit. It affects the REXML gem when parsing XML that contains many entity expansions using SAX2 or the pull parser API. The issue is fixed in REXML gem version 3.3.3 and later; older releases (notably 3.3.2) are vu...
CVE-2024-35176
CVE-2024-35176 affects the Ruby REXML XML toolkit. The vulnerability is a Denial of Service in the REXML gem when parsing XML that contains many
CVE-2024-43398
REXML DoS in Ruby: the vulnerability CVE-2024-43398 affects the REXML gem when parsing XMLs with many deep elements that have the same local name attributes. It is exploitable via tree parser usage (e.g., REXML::Document.new); stream parser and SAX2 APIs are not affected. Versions prior to 3.3.6 ...
CVE-2024-39908
REXML (Ruby) DoS vulnerabilities (CVE-2024-39908) affect the Ruby REXML gem prior to versions 3.3.1, with issues when parsing XML containing specific characters such as . Patches are in 3.3.2 and later; upgrades to 3.3.2+ are advised. If upgrading is not possible, avoid parsing untrusted XML stri...
CVE-2024-49761
CVE-2024-49761 affects the Ruby ecosystem via the REXML XML toolkit. The vulnerability exists in the REXML gem before 3.3.9, where parsing an XML containing hex numeric character references (&#x...;) with many digits can cause a ReDoS. Ruby 3.2+ is not affected; Ruby 3.1 is the affected maintaine...
CVE-2024-41123
REXML (Ruby) DoS vulnerability CVE-2024-41123 affects the REXML gem in versions prior to 3.3.2, triggered when parsing XML containing specific characters (whitespace, >], ]>). The advisory notes that REXML 3.3.3 and later include patches to fix this issue. Several connected sources corrobor...