REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-16T17:28:07.372Z
Updated: 2024-08-02T04:33:11.796Z
Reserved: 2024-07-02T19:37:18.600Z
Link: CVE-2024-39908
Vulnrichment
Updated: 2024-07-16T18:03:50.381Z
NVD
Status : Awaiting Analysis
Published: 2024-07-16T18:15:08.167
Modified: 2024-11-21T09:28:32.747
Link: CVE-2024-39908
Redhat