CVE-2024-35176

Published: 16/05/2024 Updated: 17/05/2024

Vulnerability Summary

REXML is an XML toolkit for Ruby. REXML gem versions 3.2.6 and earlier have a denial of service vulnerability: when the parser meets an attribute value containing many `<` characters, the time it spends grows far faster than the size of the document, so a small crafted input can keep a parser thread busy for a long time. Applications that parse untrusted XML may be affected. REXML gem 3.2.7 or later includes the fix. As a workaround, do not parse untrusted XML. Note that REXML ships with Ruby as a bundled gem, so check the version your application actually loads (for example `bundle show rexml`, or `ruby -rrexml/rexml -e 'puts REXML::VERSION'`) rather than only the interpreter version.
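The following script is an added example and is not code from the REXML project or from this advisory. It shows the three things a practitioner wants here: a check of the loaded REXML version against the fixed release, a constructed document of the shape the advisory describes (many raw `<` characters inside one attribute value), and a defensive wrapper for cases where untrusted XML must be parsed anyway, which caps the input size and bounds the parse time. The helper names (`rexml_patched?`, `many_lt_document`, `parse_untrusted`) and the size and timeout defaults are assumptions chosen for the example.

```ruby
require "rexml/document"
require "timeout"

# First REXML release that carries the fix for CVE-2024-35176.
FIXED_VERSION = Gem::Version.new("3.2.7")

# True when the given version string (by default, the REXML that is actually
# loaded in this process) is at or beyond the fixed release.
def rexml_patched?(version = REXML::VERSION)
  Gem::Version.new(version) >= FIXED_VERSION
end

# Constructed proof-of-concept shape from the advisory text: a single element
# whose attribute value is n raw '<' characters. Not a real-world document.
def many_lt_document(n)
  %(<a b="#{"<" * n}"/>)
end

# Defensive wrapper for XML that cannot be trusted (example, not a REXML API):
# refuse oversized input up front, then bound the parse time so a hostile
# document cannot pin a worker indefinitely. Returns [status, document].
def parse_untrusted(xml, max_bytes: 64 * 1024, timeout_s: 2.0)
  return [:too_large, nil] if xml.bytesize > max_bytes

  doc = Timeout.timeout(timeout_s) { REXML::Document.new(xml) }
  [:parsed, doc]
rescue Timeout::Error
  [:timeout, nil]
rescue RuntimeError
  # REXML::ParseException is a RuntimeError subclass; the broader rescue also
  # covers REXML's other parse-time checks on illegal characters.
  [:malformed, nil]
end

# Wall-clock seconds spent trying to parse a document with n '<'s in an
# attribute value, with the same time bound as parse_untrusted.
def measure_parse(n, timeout_s: 2.0)
  start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  status, = parse_untrusted(many_lt_document(n), max_bytes: n + 64, timeout_s: timeout_s)
  [status, Process.clock_gettime(Process::CLOCK_MONOTONIC) - start]
end

if $PROGRAM_NAME == __FILE__
  puts "REXML #{REXML::VERSION} (#{rexml_patched? ? 'fixed' : 'vulnerable, update to 3.2.7+'})"
  # Small sizes only: on an unfixed REXML the time climbs steeply with n.
  [500, 1000, 2000].each do |n|
    status, secs = measure_parse(n)
    printf("n=%-6d %-10s %.4fs\n", n, status, secs)
  end
  puts parse_untrusted(many_lt_document(1_000_000)).first   # :too_large
end
```

Run it as a script to see the version verdict and timings for a few small sizes; increase `n` only on a patched REXML, since on an affected version the loop is exactly the slow path the advisory warns about.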

Vendor Advisories

Debian Bug report logs - #1071626 ruby31: CVE-2024-35176
Package: src:ruby31; Maintainer for src:ruby31 is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 22 May 2024 15:09:01 UTC
Severity: important
Tags: security, upstream
Found ...