Look up vulnerable packages by Package URL.

Purl pkg:gem/rexml@3.2.3
Type gem
Namespace
Name rexml
Version 3.2.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-bdar-wgfe-qqgf
vulnerability_id VCID-bdar-wgfe-qqgf
summary
REXML round-trip instability
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28965.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28965
reference_id
reference_type
scores
0
value 0.00362
scoring_system epss
scoring_elements 0.58319
published_at 2026-04-21T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58342
published_at 2026-04-18T12:55:00Z
2
value 0.00362
scoring_system epss
scoring_elements 0.58349
published_at 2026-04-11T12:55:00Z
3
value 0.00362
scoring_system epss
scoring_elements 0.58327
published_at 2026-04-12T12:55:00Z
4
value 0.00362
scoring_system epss
scoring_elements 0.58332
published_at 2026-04-09T12:55:00Z
5
value 0.00362
scoring_system epss
scoring_elements 0.58326
published_at 2026-04-08T12:55:00Z
6
value 0.00362
scoring_system epss
scoring_elements 0.58273
published_at 2026-04-07T12:55:00Z
7
value 0.00362
scoring_system epss
scoring_elements 0.58298
published_at 2026-04-04T12:55:00Z
8
value 0.00362
scoring_system epss
scoring_elements 0.58278
published_at 2026-04-02T12:55:00Z
9
value 0.00362
scoring_system epss
scoring_elements 0.58193
published_at 2026-04-01T12:55:00Z
10
value 0.00362
scoring_system epss
scoring_elements 0.58339
published_at 2026-04-16T12:55:00Z
11
value 0.00362
scoring_system epss
scoring_elements 0.58306
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28965
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41817
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41819
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
10
reference_url https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b
11
reference_url https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377
12
reference_url https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752
13
reference_url https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e
14
reference_url https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8
15
reference_url https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551
16
reference_url https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2021-28965.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2021-28965.yml
18
reference_url https://hackerone.com/reports/1104077
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1104077
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVFTLFVCSUE5CXHINJEUCKSHU4SWDMT/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28965
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28965
22
reference_url https://rubygems.org/gems/rexml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/rexml
23
reference_url https://security.netapp.com/advisory/ntap-20210528-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210528-0003
24
reference_url https://security.netapp.com/advisory/ntap-20210528-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210528-0003/
25
reference_url https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965
26
reference_url https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1947526
reference_id 1947526
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1947526
28
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986807
reference_id 986807
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986807
29
reference_url https://security.archlinux.org/ASA-202104-1
reference_id ASA-202104-1
reference_type
scores
url https://security.archlinux.org/ASA-202104-1
30
reference_url https://security.archlinux.org/AVG-1788
reference_id AVG-1788
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1788
31
reference_url https://security.archlinux.org/AVG-1789
reference_id AVG-1789
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1789
32
reference_url https://security.archlinux.org/AVG-1822
reference_id AVG-1822
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1822
33
reference_url https://github.com/advisories/GHSA-8cr8-4vfw-mr7h
reference_id GHSA-8cr8-4vfw-mr7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8cr8-4vfw-mr7h
34
reference_url https://access.redhat.com/errata/RHSA-2021:2104
reference_id RHSA-2021:2104
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2104
35
reference_url https://access.redhat.com/errata/RHSA-2021:2229
reference_id RHSA-2021:2229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2229
36
reference_url https://access.redhat.com/errata/RHSA-2021:2230
reference_id RHSA-2021:2230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2230
37
reference_url https://access.redhat.com/errata/RHSA-2021:2584
reference_id RHSA-2021:2584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2584
38
reference_url https://access.redhat.com/errata/RHSA-2021:2587
reference_id RHSA-2021:2587
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2587
39
reference_url https://access.redhat.com/errata/RHSA-2021:2588
reference_id RHSA-2021:2588
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2588
40
reference_url https://access.redhat.com/errata/RHSA-2022:0581
reference_id RHSA-2022:0581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0581
41
reference_url https://access.redhat.com/errata/RHSA-2022:0582
reference_id RHSA-2022:0582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0582
42
reference_url https://usn.ubuntu.com/4922-1/
reference_id USN-4922-1
reference_type
scores
url https://usn.ubuntu.com/4922-1/
43
reference_url https://usn.ubuntu.com/4922-2/
reference_id USN-4922-2
reference_type
scores
url https://usn.ubuntu.com/4922-2/
fixed_packages
0
url pkg:gem/rexml@3.2.5
purl pkg:gem/rexml@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c5xq-bv4t-73ff
1
vulnerability VCID-jdtw-bn8z-e3b6
2
vulnerability VCID-m6hy-vnf9-hyfe
3
vulnerability VCID-msc8-xjz2-2kb4
4
vulnerability VCID-qu1w-yd76-t7c1
5
vulnerability VCID-trka-k7zz-bkh3
6
vulnerability VCID-yj1t-rga1-x3ev
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.2.5
aliases CVE-2021-28965, GHSA-8cr8-4vfw-mr7h
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bdar-wgfe-qqgf
1
url VCID-c5xq-bv4t-73ff
vulnerability_id VCID-c5xq-bv4t-73ff
summary
REXML contains a denial of service vulnerability
### Impact

The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many `>`s in an attribute value.

If you need to parse untrusted XML, you may be affected by this vulnerability.

### Patches

The REXML gem 3.2.7 or later includes the patch that fixes this vulnerability.

### Workarounds

Don't parse untrusted XML.

### References

* https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35176.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35176.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-35176
reference_id
reference_type
scores
0
value 0.06399
scoring_system epss
scoring_elements 0.91056
published_at 2026-04-21T12:55:00Z
1
value 0.06902
scoring_system epss
scoring_elements 0.91418
published_at 2026-04-16T12:55:00Z
2
value 0.06902
scoring_system epss
scoring_elements 0.91393
published_at 2026-04-13T12:55:00Z
3
value 0.06902
scoring_system epss
scoring_elements 0.91391
published_at 2026-04-11T12:55:00Z
4
value 0.06902
scoring_system epss
scoring_elements 0.91384
published_at 2026-04-09T12:55:00Z
5
value 0.06902
scoring_system epss
scoring_elements 0.91377
published_at 2026-04-08T12:55:00Z
6
value 0.06902
scoring_system epss
scoring_elements 0.91414
published_at 2026-04-18T12:55:00Z
7
value 0.06902
scoring_system epss
scoring_elements 0.91365
published_at 2026-04-07T12:55:00Z
8
value 0.06902
scoring_system epss
scoring_elements 0.91358
published_at 2026-04-04T12:55:00Z
9
value 0.06902
scoring_system epss
scoring_elements 0.91347
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-35176
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35176
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35176
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:26:15Z/
url https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb
6
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:26:15Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
7
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-35176
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-35176
9
reference_url https://security.netapp.com/advisory/ntap-20250306-0001
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250306-0001
10
reference_url https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:26:15Z/
url https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071626
reference_id 1071626
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071626
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2280894
reference_id 2280894
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2280894
13
reference_url https://github.com/advisories/GHSA-vg3r-rm7w-2xgh
reference_id GHSA-vg3r-rm7w-2xgh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vg3r-rm7w-2xgh
14
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
15
reference_url https://access.redhat.com/errata/RHSA-2024:4499
reference_id RHSA-2024:4499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4499
16
reference_url https://access.redhat.com/errata/RHSA-2024:5338
reference_id RHSA-2024:5338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5338
17
reference_url https://usn.ubuntu.com/7091-1/
reference_id USN-7091-1
reference_type
scores
url https://usn.ubuntu.com/7091-1/
18
reference_url https://usn.ubuntu.com/7091-2/
reference_id USN-7091-2
reference_type
scores
url https://usn.ubuntu.com/7091-2/
19
reference_url https://usn.ubuntu.com/7418-1/
reference_id USN-7418-1
reference_type
scores
url https://usn.ubuntu.com/7418-1/
20
reference_url https://usn.ubuntu.com/7734-1/
reference_id USN-7734-1
reference_type
scores
url https://usn.ubuntu.com/7734-1/
21
reference_url https://usn.ubuntu.com/7840-1/
reference_id USN-7840-1
reference_type
scores
url https://usn.ubuntu.com/7840-1/
fixed_packages
0
url pkg:gem/rexml@3.2.7
purl pkg:gem/rexml@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jdtw-bn8z-e3b6
1
vulnerability VCID-m6hy-vnf9-hyfe
2
vulnerability VCID-msc8-xjz2-2kb4
3
vulnerability VCID-qu1w-yd76-t7c1
4
vulnerability VCID-trka-k7zz-bkh3
5
vulnerability VCID-yj1t-rga1-x3ev
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.2.7
aliases CVE-2024-35176, GHSA-vg3r-rm7w-2xgh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5xq-bv4t-73ff
2
url VCID-jdtw-bn8z-e3b6
vulnerability_id VCID-jdtw-bn8z-e3b6
summary
REXML denial of service vulnerability
### Impact

The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML document that has many deeply nested elements with attributes sharing the same local name.

If you need to parse untrusted XML with the tree parser API, such as `REXML::Document.new`, you may be affected by this vulnerability. If you use other parser APIs, such as the stream parser API or the SAX2 parser API, you are not affected by this vulnerability.

### Patches

The REXML gem 3.3.6 or later includes the patch that fixes the vulnerability.

### Workarounds

Don't parse untrusted XML with the tree parser API.

### References

* https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398/ : An announcement on www.ruby-lang.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43398.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43398.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43398
reference_id
reference_type
scores
0
value 0.01135
scoring_system epss
scoring_elements 0.78401
published_at 2026-04-18T12:55:00Z
1
value 0.01135
scoring_system epss
scoring_elements 0.78402
published_at 2026-04-16T12:55:00Z
2
value 0.01135
scoring_system epss
scoring_elements 0.78373
published_at 2026-04-13T12:55:00Z
3
value 0.01135
scoring_system epss
scoring_elements 0.7838
published_at 2026-04-12T12:55:00Z
4
value 0.01135
scoring_system epss
scoring_elements 0.78325
published_at 2026-04-02T12:55:00Z
5
value 0.01135
scoring_system epss
scoring_elements 0.78397
published_at 2026-04-11T12:55:00Z
6
value 0.01135
scoring_system epss
scoring_elements 0.78371
published_at 2026-04-09T12:55:00Z
7
value 0.01135
scoring_system epss
scoring_elements 0.78365
published_at 2026-04-08T12:55:00Z
8
value 0.01135
scoring_system epss
scoring_elements 0.78339
published_at 2026-04-07T12:55:00Z
9
value 0.01135
scoring_system epss
scoring_elements 0.78356
published_at 2026-04-04T12:55:00Z
10
value 0.01167
scoring_system epss
scoring_elements 0.78661
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43398
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/commit/7cb5eaeb221c322b9912f724183294d8ce96bae3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/7cb5eaeb221c322b9912f724183294d8ce96bae3
6
reference_url https://github.com/ruby/rexml/releases/tag/v3.3.6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T14:43:15Z/
url https://github.com/ruby/rexml/releases/tag/v3.3.6
7
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T14:43:15Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-43398.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-43398.yml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43398
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43398
11
reference_url https://security.netapp.com/advisory/ntap-20250103-0006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250103-0006
12
reference_url https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
reference_id 1083190
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2307297
reference_id 2307297
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2307297
15
reference_url https://github.com/advisories/GHSA-vmwr-mc7x-5vc3
reference_id GHSA-vmwr-mc7x-5vc3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmwr-mc7x-5vc3
16
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
17
reference_url https://access.redhat.com/errata/RHSA-2024:6670
reference_id RHSA-2024:6670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6670
18
reference_url https://access.redhat.com/errata/RHSA-2024:6702
reference_id RHSA-2024:6702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6702
19
reference_url https://access.redhat.com/errata/RHSA-2024:6703
reference_id RHSA-2024:6703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6703
20
reference_url https://access.redhat.com/errata/RHSA-2024:6784
reference_id RHSA-2024:6784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6784
21
reference_url https://access.redhat.com/errata/RHSA-2024:6785
reference_id RHSA-2024:6785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6785
22
reference_url https://access.redhat.com/errata/RHSA-2025:4063
reference_id RHSA-2025:4063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4063
23
reference_url https://access.redhat.com/errata/RHSA-2025:4488
reference_id RHSA-2025:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4488
24
reference_url https://usn.ubuntu.com/7256-1/
reference_id USN-7256-1
reference_type
scores
url https://usn.ubuntu.com/7256-1/
25
reference_url https://usn.ubuntu.com/7418-1/
reference_id USN-7418-1
reference_type
scores
url https://usn.ubuntu.com/7418-1/
fixed_packages
0
url pkg:gem/rexml@3.3.6
purl pkg:gem/rexml@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-msc8-xjz2-2kb4
1
vulnerability VCID-trka-k7zz-bkh3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.3.6
aliases CVE-2024-43398, GHSA-vmwr-mc7x-5vc3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdtw-bn8z-e3b6
3
url VCID-m6hy-vnf9-hyfe
vulnerability_id VCID-m6hy-vnf9-hyfe
summary
REXML DoS vulnerability
### Impact

The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML document that has many entity expansions with the SAX2 or pull parser API.

If you need to parse untrusted XML with the SAX2 or pull parser API, you may be affected by this vulnerability.

### Patches

The REXML gem 3.3.3 or later includes the patch that fixes the vulnerability.

### Workarounds

Don't parse untrusted XML with the SAX2 or pull parser API.

### References

* https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ : A similar vulnerability
* https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946/ : An announcement on www.ruby-lang.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41946.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41946.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41946
reference_id
reference_type
scores
0
value 0.00661
scoring_system epss
scoring_elements 0.71127
published_at 2026-04-09T12:55:00Z
1
value 0.00661
scoring_system epss
scoring_elements 0.71119
published_at 2026-04-13T12:55:00Z
2
value 0.00661
scoring_system epss
scoring_elements 0.71135
published_at 2026-04-12T12:55:00Z
3
value 0.00661
scoring_system epss
scoring_elements 0.7115
published_at 2026-04-11T12:55:00Z
4
value 0.00661
scoring_system epss
scoring_elements 0.71114
published_at 2026-04-08T12:55:00Z
5
value 0.00661
scoring_system epss
scoring_elements 0.71072
published_at 2026-04-07T12:55:00Z
6
value 0.00661
scoring_system epss
scoring_elements 0.71097
published_at 2026-04-04T12:55:00Z
7
value 0.00661
scoring_system epss
scoring_elements 0.7108
published_at 2026-04-02T12:55:00Z
8
value 0.00661
scoring_system epss
scoring_elements 0.71172
published_at 2026-04-18T12:55:00Z
9
value 0.00661
scoring_system epss
scoring_elements 0.71165
published_at 2026-04-16T12:55:00Z
10
value 0.00679
scoring_system epss
scoring_elements 0.71584
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41946
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41946
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41946
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:10Z/
url https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368
6
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:10Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-41946.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-41946.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41946
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41946
10
reference_url https://security.netapp.com/advisory/ntap-20250117-0007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250117-0007
11
reference_url https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:10Z/
url https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml
12
reference_url https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:10Z/
url https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
reference_id 1083190
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302272
reference_id 2302272
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302272
15
reference_url https://github.com/advisories/GHSA-5866-49gr-22v4
reference_id GHSA-5866-49gr-22v4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5866-49gr-22v4
16
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
17
reference_url https://access.redhat.com/errata/RHSA-2024:6670
reference_id RHSA-2024:6670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6670
18
reference_url https://access.redhat.com/errata/RHSA-2024:6702
reference_id RHSA-2024:6702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6702
19
reference_url https://access.redhat.com/errata/RHSA-2024:6703
reference_id RHSA-2024:6703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6703
20
reference_url https://access.redhat.com/errata/RHSA-2024:6784
reference_id RHSA-2024:6784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6784
21
reference_url https://access.redhat.com/errata/RHSA-2024:6785
reference_id RHSA-2024:6785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6785
22
reference_url https://access.redhat.com/errata/RHSA-2025:4063
reference_id RHSA-2025:4063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4063
23
reference_url https://access.redhat.com/errata/RHSA-2025:4488
reference_id RHSA-2025:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4488
24
reference_url https://usn.ubuntu.com/7091-1/
reference_id USN-7091-1
reference_type
scores
url https://usn.ubuntu.com/7091-1/
25
reference_url https://usn.ubuntu.com/7091-2/
reference_id USN-7091-2
reference_type
scores
url https://usn.ubuntu.com/7091-2/
26
reference_url https://usn.ubuntu.com/7840-1/
reference_id USN-7840-1
reference_type
scores
url https://usn.ubuntu.com/7840-1/
fixed_packages
0
url pkg:gem/rexml@3.3.3
purl pkg:gem/rexml@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jdtw-bn8z-e3b6
1
vulnerability VCID-msc8-xjz2-2kb4
2
vulnerability VCID-trka-k7zz-bkh3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.3.3
aliases CVE-2024-41946, GHSA-5866-49gr-22v4
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6hy-vnf9-hyfe
4
url VCID-msc8-xjz2-2kb4
vulnerability_id VCID-msc8-xjz2-2kb4
summary
REXML ReDoS vulnerability
### Impact

The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses XML that has many digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`).

This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only maintained Ruby release that is affected. Note that Ruby 3.1 will reach EOL in 2025-03.

### Patches

The REXML gem 3.3.9 or later includes the patch that fixes the vulnerability.

### Workarounds

Use Ruby 3.2 or later instead of Ruby 3.1.

### References

* https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/: An announcement on www.ruby-lang.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49761.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49761.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-49761
reference_id
reference_type
scores
0
value 0.00899
scoring_system epss
scoring_elements 0.75696
published_at 2026-04-18T12:55:00Z
1
value 0.00899
scoring_system epss
scoring_elements 0.75693
published_at 2026-04-16T12:55:00Z
2
value 0.00899
scoring_system epss
scoring_elements 0.75661
published_at 2026-04-12T12:55:00Z
3
value 0.00899
scoring_system epss
scoring_elements 0.7568
published_at 2026-04-11T12:55:00Z
4
value 0.00899
scoring_system epss
scoring_elements 0.75644
published_at 2026-04-08T12:55:00Z
5
value 0.00899
scoring_system epss
scoring_elements 0.75599
published_at 2026-04-02T12:55:00Z
6
value 0.00899
scoring_system epss
scoring_elements 0.7563
published_at 2026-04-04T12:55:00Z
7
value 0.00899
scoring_system epss
scoring_elements 0.75655
published_at 2026-04-13T12:55:00Z
8
value 0.00899
scoring_system epss
scoring_elements 0.7561
published_at 2026-04-07T12:55:00Z
9
value 0.0169
scoring_system epss
scoring_elements 0.82264
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-49761
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49761
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T14:57:03Z/
url https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f
6
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T14:57:03Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-49761.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-49761.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-49761
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-49761
10
reference_url https://security.netapp.com/advisory/ntap-20241227-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241227-0004
11
reference_url https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-28T14:57:03Z/
url https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103790
reference_id 1103790
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103790
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2322153
reference_id 2322153
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2322153
14
reference_url https://github.com/advisories/GHSA-2rxp-v6pw-ch6m
reference_id GHSA-2rxp-v6pw-ch6m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rxp-v6pw-ch6m
15
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
16
reference_url https://access.redhat.com/errata/RHSA-2024:10777
reference_id RHSA-2024:10777
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10777
17
reference_url https://access.redhat.com/errata/RHSA-2024:10834
reference_id RHSA-2024:10834
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10834
18
reference_url https://access.redhat.com/errata/RHSA-2024:10850
reference_id RHSA-2024:10850
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10850
19
reference_url https://access.redhat.com/errata/RHSA-2024:10858
reference_id RHSA-2024:10858
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10858
20
reference_url https://access.redhat.com/errata/RHSA-2024:10860
reference_id RHSA-2024:10860
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10860
21
reference_url https://access.redhat.com/errata/RHSA-2024:10961
reference_id RHSA-2024:10961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10961
22
reference_url https://access.redhat.com/errata/RHSA-2024:10964
reference_id RHSA-2024:10964
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10964
23
reference_url https://access.redhat.com/errata/RHSA-2024:10966
reference_id RHSA-2024:10966
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10966
24
reference_url https://access.redhat.com/errata/RHSA-2024:10977
reference_id RHSA-2024:10977
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10977
25
reference_url https://access.redhat.com/errata/RHSA-2024:10982
reference_id RHSA-2024:10982
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10982
26
reference_url https://access.redhat.com/errata/RHSA-2024:10984
reference_id RHSA-2024:10984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10984
27
reference_url https://access.redhat.com/errata/RHSA-2024:11001
reference_id RHSA-2024:11001
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11001
28
reference_url https://access.redhat.com/errata/RHSA-2024:11027
reference_id RHSA-2024:11027
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11027
29
reference_url https://access.redhat.com/errata/RHSA-2024:11028
reference_id RHSA-2024:11028
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11028
30
reference_url https://access.redhat.com/errata/RHSA-2024:11029
reference_id RHSA-2024:11029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11029
31
reference_url https://access.redhat.com/errata/RHSA-2025:11047
reference_id RHSA-2025:11047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11047
32
reference_url https://access.redhat.com/errata/RHSA-2025:12499
reference_id RHSA-2025:12499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12499
33
reference_url https://access.redhat.com/errata/RHSA-2025:13269
reference_id RHSA-2025:13269
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13269
34
reference_url https://access.redhat.com/errata/RHSA-2025:13307
reference_id RHSA-2025:13307
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13307
35
reference_url https://access.redhat.com/errata/RHSA-2025:15124
reference_id RHSA-2025:15124
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15124
36
reference_url https://access.redhat.com/errata/RHSA-2025:15371
reference_id RHSA-2025:15371
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15371
37
reference_url https://access.redhat.com/errata/RHSA-2025:17614
reference_id RHSA-2025:17614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17614
38
reference_url https://usn.ubuntu.com/7091-1/
reference_id USN-7091-1
reference_type
scores
url https://usn.ubuntu.com/7091-1/
39
reference_url https://usn.ubuntu.com/7091-2/
reference_id USN-7091-2
reference_type
scores
url https://usn.ubuntu.com/7091-2/
40
reference_url https://usn.ubuntu.com/7442-1/
reference_id USN-7442-1
reference_type
scores
url https://usn.ubuntu.com/7442-1/
fixed_packages
0
url pkg:gem/rexml@3.3.9
purl pkg:gem/rexml@3.3.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-trka-k7zz-bkh3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.3.9
aliases CVE-2024-49761, GHSA-2rxp-v6pw-ch6m
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msc8-xjz2-2kb4
5
url VCID-qu1w-yd76-t7c1
vulnerability_id VCID-qu1w-yd76-t7c1
summary
REXML denial of service vulnerability
### Impact

The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses XML that contains many occurrences of specific characters such as `<`, `0` and `%>`.

If you need to parse untrusted XML, you may be affected by these vulnerabilities.

### Patches

The REXML gem 3.3.2 or later includes the patches that fix these vulnerabilities.

### Workarounds

Don't parse untrusted XML.

### References

* https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh: This is a similar vulnerability
* https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/: An announcement on www.ruby-lang.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39908.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39908.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39908
reference_id
reference_type
scores
0
value 0.06685
scoring_system epss
scoring_elements 0.9126
published_at 2026-04-18T12:55:00Z
1
value 0.06685
scoring_system epss
scoring_elements 0.91261
published_at 2026-04-16T12:55:00Z
2
value 0.06685
scoring_system epss
scoring_elements 0.91227
published_at 2026-04-09T12:55:00Z
3
value 0.06685
scoring_system epss
scoring_elements 0.91234
published_at 2026-04-11T12:55:00Z
4
value 0.06685
scoring_system epss
scoring_elements 0.91221
published_at 2026-04-08T12:55:00Z
5
value 0.06685
scoring_system epss
scoring_elements 0.91207
published_at 2026-04-07T12:55:00Z
6
value 0.06685
scoring_system epss
scoring_elements 0.912
published_at 2026-04-04T12:55:00Z
7
value 0.06685
scoring_system epss
scoring_elements 0.91192
published_at 2026-04-02T12:55:00Z
8
value 0.06685
scoring_system epss
scoring_elements 0.91237
published_at 2026-04-13T12:55:00Z
9
value 0.06685
scoring_system epss
scoring_elements 0.91238
published_at 2026-04-12T12:55:00Z
10
value 0.08032
scoring_system epss
scoring_elements 0.92124
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39908
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39908
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39908
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/releases/tag/v3.3.2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/releases/tag/v3.3.2
6
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:58:11Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-39908.yml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-39908.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39908
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39908
10
reference_url https://security.netapp.com/advisory/ntap-20250117-0008
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250117-0008
11
reference_url https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:58:11Z/
url https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076766
reference_id 1076766
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076766
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076768
reference_id 1076768
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076768
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2298243
reference_id 2298243
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2298243
15
reference_url https://github.com/advisories/GHSA-4xqq-m2hx-25v8
reference_id GHSA-4xqq-m2hx-25v8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xqq-m2hx-25v8
16
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
17
reference_url https://access.redhat.com/errata/RHSA-2024:6784
reference_id RHSA-2024:6784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6784
18
reference_url https://access.redhat.com/errata/RHSA-2024:6785
reference_id RHSA-2024:6785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6785
19
reference_url https://access.redhat.com/errata/RHSA-2025:4063
reference_id RHSA-2025:4063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4063
20
reference_url https://access.redhat.com/errata/RHSA-2025:4488
reference_id RHSA-2025:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4488
21
reference_url https://usn.ubuntu.com/7091-1/
reference_id USN-7091-1
reference_type
scores
url https://usn.ubuntu.com/7091-1/
22
reference_url https://usn.ubuntu.com/7256-1/
reference_id USN-7256-1
reference_type
scores
url https://usn.ubuntu.com/7256-1/
23
reference_url https://usn.ubuntu.com/7418-1/
reference_id USN-7418-1
reference_type
scores
url https://usn.ubuntu.com/7418-1/
24
reference_url https://usn.ubuntu.com/7840-1/
reference_id USN-7840-1
reference_type
scores
url https://usn.ubuntu.com/7840-1/
fixed_packages
0
url pkg:gem/rexml@3.3.2
purl pkg:gem/rexml@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jdtw-bn8z-e3b6
1
vulnerability VCID-m6hy-vnf9-hyfe
2
vulnerability VCID-msc8-xjz2-2kb4
3
vulnerability VCID-trka-k7zz-bkh3
4
vulnerability VCID-yj1t-rga1-x3ev
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.3.2
aliases CVE-2024-39908, GHSA-4xqq-m2hx-25v8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qu1w-yd76-t7c1
6
url VCID-trka-k7zz-bkh3
vulnerability_id VCID-trka-k7zz-bkh3
summary
REXML has DoS condition when parsing malformed XML file
The REXML gem from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML that contains multiple XML declarations.
If you need to parse untrusted XML, you may be affected by this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58767.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58767.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58767
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05544
published_at 2026-04-12T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05557
published_at 2026-04-11T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.05583
published_at 2026-04-09T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.0556
published_at 2026-04-08T12:55:00Z
4
value 0.00021
scoring_system epss
scoring_elements 0.05522
published_at 2026-04-07T12:55:00Z
5
value 0.00021
scoring_system epss
scoring_elements 0.05523
published_at 2026-04-04T12:55:00Z
6
value 0.00021
scoring_system epss
scoring_elements 0.05488
published_at 2026-04-02T12:55:00Z
7
value 0.00022
scoring_system epss
scoring_elements 0.06084
published_at 2026-04-21T12:55:00Z
8
value 0.00022
scoring_system epss
scoring_elements 0.05955
published_at 2026-04-13T12:55:00Z
9
value 0.00022
scoring_system epss
scoring_elements 0.05922
published_at 2026-04-16T12:55:00Z
10
value 0.00022
scoring_system epss
scoring_elements 0.05933
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58767
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58767
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58767
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:53:11Z/
url https://github.com/ruby/rexml/commit/5859bdeac792687eaf93d8e8f0b7e3c1e2ed5c23
6
reference_url https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767
7
reference_url https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/
reference_id
reference_type
scores
url https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115655
reference_id 1115655
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115655
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2396186
reference_id 2396186
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2396186
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58767
reference_id CVE-2025-58767
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58767
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml
reference_id CVE-2025-58767.YML
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml
12
reference_url https://github.com/advisories/GHSA-c2f4-jgmc-q2r5
reference_id GHSA-c2f4-jgmc-q2r5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c2f4-jgmc-q2r5
13
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
reference_id GHSA-c2f4-jgmc-q2r5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-17T17:53:11Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-c2f4-jgmc-q2r5
14
reference_url https://access.redhat.com/errata/RHSA-2025:23062
reference_id RHSA-2025:23062
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23062
15
reference_url https://access.redhat.com/errata/RHSA-2025:23063
reference_id RHSA-2025:23063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23063
16
reference_url https://access.redhat.com/errata/RHSA-2025:23140
reference_id RHSA-2025:23140
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23140
17
reference_url https://access.redhat.com/errata/RHSA-2025:23141
reference_id RHSA-2025:23141
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23141
18
reference_url https://access.redhat.com/errata/RHSA-2025:23648
reference_id RHSA-2025:23648
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23648
19
reference_url https://access.redhat.com/errata/RHSA-2025:23927
reference_id RHSA-2025:23927
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23927
fixed_packages
0
url pkg:gem/rexml@3.4.2
purl pkg:gem/rexml@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-trka-k7zz-bkh3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.4.2
aliases CVE-2025-58767, GHSA-c2f4-jgmc-q2r5
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trka-k7zz-bkh3
7
url VCID-yj1t-rga1-x3ev
vulnerability_id VCID-yj1t-rga1-x3ev
summary
REXML DoS vulnerability
### Impact

The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML document that has many specific characters such as whitespace characters, `>]` and `]>`.

If you need to parse untrusted XML, you may be impacted by these vulnerabilities.

### Patches

The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities.

### Workarounds

Don't parse untrusted XML.

### References

* https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability
* https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 : This is a similar vulnerability
* https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/ : An announcement on www.ruby-lang.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41123.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41123.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41123
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.46108
published_at 2026-04-11T12:55:00Z
1
value 0.00232
scoring_system epss
scoring_elements 0.46139
published_at 2026-04-18T12:55:00Z
2
value 0.00232
scoring_system epss
scoring_elements 0.46143
published_at 2026-04-16T12:55:00Z
3
value 0.00232
scoring_system epss
scoring_elements 0.46088
published_at 2026-04-13T12:55:00Z
4
value 0.00232
scoring_system epss
scoring_elements 0.46079
published_at 2026-04-12T12:55:00Z
5
value 0.00232
scoring_system epss
scoring_elements 0.46084
published_at 2026-04-09T12:55:00Z
6
value 0.00232
scoring_system epss
scoring_elements 0.46086
published_at 2026-04-08T12:55:00Z
7
value 0.00232
scoring_system epss
scoring_elements 0.4603
published_at 2026-04-07T12:55:00Z
8
value 0.00232
scoring_system epss
scoring_elements 0.46082
published_at 2026-04-04T12:55:00Z
9
value 0.00232
scoring_system epss
scoring_elements 0.46061
published_at 2026-04-02T12:55:00Z
10
value 0.00239
scoring_system epss
scoring_elements 0.4698
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41123
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41123
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:33:21Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
6
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:33:21Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
7
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:33:21Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-41123.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-41123.yml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41123
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41123
11
reference_url https://security.netapp.com/advisory/ntap-20241227-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241227-0005
12
reference_url https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:33:21Z/
url https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
reference_id 1083190
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302268
reference_id 2302268
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302268
15
reference_url https://github.com/advisories/GHSA-r55c-59qm-vjw6
reference_id GHSA-r55c-59qm-vjw6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r55c-59qm-vjw6
16
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
17
reference_url https://access.redhat.com/errata/RHSA-2024:6670
reference_id RHSA-2024:6670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6670
18
reference_url https://access.redhat.com/errata/RHSA-2024:6702
reference_id RHSA-2024:6702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6702
19
reference_url https://access.redhat.com/errata/RHSA-2024:6703
reference_id RHSA-2024:6703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6703
20
reference_url https://access.redhat.com/errata/RHSA-2024:6784
reference_id RHSA-2024:6784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6784
21
reference_url https://access.redhat.com/errata/RHSA-2024:6785
reference_id RHSA-2024:6785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6785
22
reference_url https://access.redhat.com/errata/RHSA-2025:4063
reference_id RHSA-2025:4063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4063
23
reference_url https://access.redhat.com/errata/RHSA-2025:4488
reference_id RHSA-2025:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4488
24
reference_url https://usn.ubuntu.com/7091-1/
reference_id USN-7091-1
reference_type
scores
url https://usn.ubuntu.com/7091-1/
25
reference_url https://usn.ubuntu.com/7091-2/
reference_id USN-7091-2
reference_type
scores
url https://usn.ubuntu.com/7091-2/
26
reference_url https://usn.ubuntu.com/7418-1/
reference_id USN-7418-1
reference_type
scores
url https://usn.ubuntu.com/7418-1/
27
reference_url https://usn.ubuntu.com/7840-1/
reference_id USN-7840-1
reference_type
scores
url https://usn.ubuntu.com/7840-1/
fixed_packages
0
url pkg:gem/rexml@3.3.3
purl pkg:gem/rexml@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jdtw-bn8z-e3b6
1
vulnerability VCID-msc8-xjz2-2kb4
2
vulnerability VCID-trka-k7zz-bkh3
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.3.3
aliases CVE-2024-41123, GHSA-r55c-59qm-vjw6
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yj1t-rga1-x3ev
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rexml@3.2.3