REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
History

Thu, 19 Sep 2024 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-16T17:28:07.372Z

Updated: 2024-08-02T04:33:11.796Z

Reserved: 2024-07-02T19:37:18.600Z

Link: CVE-2024-39908

cve-icon Vulnrichment

Updated: 2024-07-16T18:03:50.381Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-16T18:15:08.167

Modified: 2024-11-21T09:28:32.747

Link: CVE-2024-39908

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-07-16T06:00:00Z

Links: CVE-2024-39908 - Bugzilla