VulnerableCode Package Details - pkg:rpm/redhat/ruby@3.0.7-163?arch=el9_5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/ruby@3.0.7-163?arch=el9_5

Essentials
History (1)

purl	pkg:rpm/redhat/ruby@3.0.7-163?arch=el9_5

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-msc8-xjz2-2kb4 Aliases: CVE-2024-49761 GHSA-2rxp-v6pw-ch6m	REXML ReDoS vulnerability ### Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03. ### Patches The REXML gem 3.3.9 or later include the patch to fix the vulnerability. ### Workarounds Use Ruby 3.2 or later instead of Ruby 3.1. ### References * https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/: An announce on www.ruby-lang.org	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:44:25.219606+00:00	RedHat Importer	Affected by	VCID-msc8-xjz2-2kb4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49761.json	38.0.0