Vulnerabilities > CVE-2024-49761 - Unspecified vulnerability in Ruby-Lang Rexml

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

ruby-lang

NVD

Published: 2024-10-28

Updated: 2024-11-05

Summary

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ruby-Lang Ruby Lang Rexml - Ruby Lang Rexml 3.1.7.3 Ruby Lang Rexml 3.1.8 Ruby Lang Rexml 3.1.9 Ruby Lang Rexml 3.1.9.1 Ruby Lang Rexml 3.2.0 Ruby Lang Rexml 3.2.1 Ruby Lang Rexml 3.2.2 Ruby Lang Rexml 3.2.3 Ruby Lang Rexml 3.2.4 Ruby Lang Rexml 3.2.5 Ruby Lang Rexml 3.2.6 Ruby Lang Rexml 3.2.7 Ruby Lang Rexml 3.2.8 Ruby Lang Rexml 3.2.9 Ruby Lang Rexml 3.3.0 Ruby Lang Rexml 3.3.1 Ruby Lang Rexml 3.3.2 Ruby Lang Rexml 3.3.3 Ruby Lang Rexml 3.3.4 Ruby Lang Rexml 3.3.5 Ruby Lang Rexml 3.3.6 Ruby Lang Rexml 3.3.7 Ruby Lang Rexml 3.3.8	24

Summary

Vulnerable Configurations

References