7.5
CVE-2024-41946
- EPSS 1.19%
- Veröffentlicht 01.08.2024 15:15:14
- Zuletzt bearbeitet 03.11.2025 21:16:17
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.19% | 0.639 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368
https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4
https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml
https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
https://security.netapp.com/advisory/ntap-20250117-0007/
https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html