3 matches found
CVE-2024-35176
CVE-2024-35176 affects the Ruby REXML XML toolkit. The vulnerability is a Denial of Service in the REXML gem when parsing XML that contains many
CVE-2024-43398
REXML DoS in Ruby: the vulnerability CVE-2024-43398 affects the REXML gem when parsing XMLs with many deep elements that have the same local name attributes. It is exploitable via tree parser usage (e.g., REXML::Document.new); stream parser and SAX2 APIs are not affected. Versions prior to 3.3.6 ...
CVE-2025-58767
CVE-2025-58767 affects the Ruby XML toolkit REXML. The vulnerability exists in the REXML gem for versions 3.3.3–3.4.1 when parsing XML containing multiple XML declarations, leading to a DoS. A fix is available in REXML 3.4.2 and later. Remediate by upgrading to a patched version (3.4.2+). The con...