Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-41123

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Published

2024-08-01T15:15:13.213

Last Modified

2024-12-27T16:15:24.577

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ruby-lang	rexml	< 3.2.7	Yes
Application	ruby-lang	rexml	< 3.3.2	Yes

References

https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 Not Applicable ([email protected])
https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6 Vendor Advisory ([email protected])
https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh Not Applicable ([email protected])
https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123 Vendor Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20241227-0005/ (af854a3a-2127-422b-91ae-364da2661108)