CVE-2024-41123 (rexml): DoS vulnerabilities in REXML

DoS vulnerabilities in REXML

Published: August 01, 2024

SECURITY IDENTIFIERS

CVE: CVE-2024-41123 (NVD)
GHSA: GHSA-r55c-59qm-vjw6
Vendor Advisory: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123

GEM

rexml

SEVERITY

CVSS v3.x: 5.3 (Medium)

PATCHED VERSIONS

>= 3.3.3

DESCRIPTION

There are some DoS vulnerabilities in REXML gem. These vulnerabilities have been assigned the CVE identifier CVE-2024-41123. We strongly recommend upgrading the REXML gem.

Details

When parsing an XML document that has many specific characters such as whitespace character, >] and ]>, REXML gem may take long time.

Please update REXML gem to version 3.3.3 or later.

Affected versions

REXML gem 3.3.2 or prior

Credits

Thanks to mprogrammer and scyoon for discovering these issues.

History

Originally published at 2024-08-01 03:00:00 (UTC)

https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123

RubySec