CVE-2024-41123

Name
CVE-2024-41123
Description
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has several DoS vulnerabilities when it parses XML containing many occurrences of specific characters, such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later includes the patches that fix these vulnerabilities.
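The advisory above names the two things a practitioner needs to check: the installed REXML version against the 3.3.3 fix, and how parse time grows with the number of the named characters in a document. The following is an added example, not code from the Alpine tracker or from the REXML project. It compares `REXML::VERSION` with the fixed release using `Gem::Version`, and parses constructed documents whose text node holds an increasing run of whitespace characters (one of the character classes the advisory lists) under a wall-clock limit, so that super-linear growth or a timeout shows up instead of hanging the process. The helper names and the 5-second limit are assumptions of this example.

```ruby
# Added example (not part of the Alpine tracker page or the REXML project):
# a local exposure check for CVE-2024-41123.
require "rexml/document"
require "timeout"
require "benchmark"

# First release the advisory names as carrying all the fixes.
FIXED_VERSION = Gem::Version.new("3.3.3")

# True if the given REXML version string is below the fixed release.
def vulnerable_rexml_version?(version = REXML::VERSION)
  Gem::Version.new(version) < FIXED_VERSION
end

# Constructed input: a well-formed document whose single text node contains
# `count` consecutive whitespace characters, one of the character classes the
# advisory names. Used only to observe how parse time scales with input size.
def whitespace_payload(count)
  "<root>" + (" " * count) + "</root>"
end

# Parses `xml` under a wall-clock limit. Returns [:ok, seconds],
# [:timeout, limit] or [:error, message].
def timed_parse(xml, limit: 5)
  elapsed = nil
  Timeout.timeout(limit) do
    elapsed = Benchmark.realtime { REXML::Document.new(xml) }
  end
  [:ok, elapsed]
rescue Timeout::Error
  [:timeout, limit]
rescue REXML::ParseException => e
  [:error, e.message]
end

# Parses payloads of increasing size and returns {size => seconds | :timeout}.
# Roughly linear growth is what a patched gem should show; steep super-linear
# growth or a timeout on an unpatched gem is the DoS the advisory describes.
def scaling_probe(sizes = [10_000, 20_000, 40_000], limit: 5)
  sizes.each_with_object({}) do |n, out|
    status, value = timed_parse(whitespace_payload(n), limit: limit)
    out[n] = status == :ok ? value : status
  end
end

if $PROGRAM_NAME == __FILE__
  state = vulnerable_rexml_version? ? "below" : "at or above"
  puts "REXML #{REXML::VERSION} is #{state} the fixed release #{FIXED_VERSION}"
  scaling_probe.each do |n, t|
    shown = t.is_a?(Float) ? format("%.3fs", t) : t.to_s
    puts format("%8d whitespace chars: %s", n, shown)
  end
end
```

Run it with the Ruby that your application actually uses (`ruby check_rexml.rb` after a `bundle exec` if REXML is pinned in a Gemfile): the version check tells you whether you are on a release the page lists as vulnerable, and the probe tells you whether the parser you ship still exhibits the pathological scaling, which matters when a distribution backports fixes without bumping the gem version. The timing figures are environment-dependent, so compare the ratios between sizes rather than absolute numbers.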
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
MISC https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
MISC https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
MISC https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123

Match rules

CPE URI                                         Source package  Min version  Max version
-                                               rexml           >= 0         < 3.3.3
cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*    ruby-rexml      >= 0         < 3.3.3

Vulnerable and fixed packages

Source package  Branch     Version   Maintainer                          Status
ruby-rexml      3.18-main  3.2.5-r3  Jakub Jirutka <jakub@jirutka.cz>    possibly vulnerable
ruby-rexml      3.17-main  3.2.5-r2  Jakub Jirutka <jakub@jirutka.cz>    possibly vulnerable
ruby-rexml      edge-main  3.3.9-r0  Jakub Jirutka <jakub@jirutka.cz>    fixed
ruby-rexml      3.21-main  3.3.9-r0  Jakub Jirutka <jakub@jirutka.cz>    fixed