Search for packages
| purl | pkg:rpm/redhat/puppet-agent@7.34.0-4?arch=el8sat |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-msc8-xjz2-2kb4
Aliases: CVE-2024-49761 GHSA-2rxp-v6pw-ch6m |
REXML ReDoS vulnerability ### Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03. ### Patches The REXML gem 3.3.9 or later include the patch to fix the vulnerability. ### Workarounds Use Ruby 3.2 or later instead of Ruby 3.1. ### References * https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/: An announce on www.ruby-lang.org | There are no reported fixed by versions. |
|
VCID-yrde-5x8z-ekbn
Aliases: CVE-2025-10990 |
rexml: REXML: Denial of Service via inefficient regex parsing | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:44:24.683838+00:00 | RedHat Importer | Affected by | VCID-msc8-xjz2-2kb4 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49761.json | 38.0.0 |
| 2026-04-01T13:36:26.496135+00:00 | RedHat Importer | Affected by | VCID-yrde-5x8z-ekbn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10990.json | 38.0.0 |