Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
Typedeb
Namespacedebian
Nameruby3.3
Version3.3.5-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.3.6-1
Latest_non_vulnerable_version3.3.8-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-jdtw-bn8z-e3b6
vulnerability_id VCID-jdtw-bn8z-e3b6
summary 
REXML denial of service vulnerability
### Impact

The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes.

If you need to parse untrusted XMLs with tree parser API like `REXML::Document.new`, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected.

### Patches

The REXML gem 3.3.6 or later include the patch to fix the vulnerability.

### Workarounds

Don't parse untrusted XMLs with tree parser API.

### References

* https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398/ : An announce on www.ruby-lang.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43398.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43398.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43398
reference_id
reference_type
scores
0
value 0.01135
scoring_system epss
scoring_elements 0.78468
published_at 2026-05-05T12:55:00Z
1
value 0.01135
scoring_system epss
scoring_elements 0.78401
published_at 2026-04-18T12:55:00Z
2
value 0.01135
scoring_system epss
scoring_elements 0.78402
published_at 2026-04-16T12:55:00Z
3
value 0.01135
scoring_system epss
scoring_elements 0.78373
published_at 2026-04-13T12:55:00Z
4
value 0.01135
scoring_system epss
scoring_elements 0.7838
published_at 2026-04-12T12:55:00Z
5
value 0.01135
scoring_system epss
scoring_elements 0.78397
published_at 2026-04-11T12:55:00Z
6
value 0.01135
scoring_system epss
scoring_elements 0.78371
published_at 2026-04-09T12:55:00Z
7
value 0.01135
scoring_system epss
scoring_elements 0.78365
published_at 2026-04-08T12:55:00Z
8
value 0.01135
scoring_system epss
scoring_elements 0.78339
published_at 2026-04-07T12:55:00Z
9
value 0.01135
scoring_system epss
scoring_elements 0.78356
published_at 2026-04-04T12:55:00Z
10
value 0.01135
scoring_system epss
scoring_elements 0.78325
published_at 2026-04-02T12:55:00Z
11
value 0.01167
scoring_system epss
scoring_elements 0.78716
published_at 2026-04-29T12:55:00Z
12
value 0.01167
scoring_system epss
scoring_elements 0.78699
published_at 2026-04-26T12:55:00Z
13
value 0.01167
scoring_system epss
scoring_elements 0.78691
published_at 2026-04-24T12:55:00Z
14
value 0.01167
scoring_system epss
scoring_elements 0.78661
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43398
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/commit/7cb5eaeb221c322b9912f724183294d8ce96bae3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/commit/7cb5eaeb221c322b9912f724183294d8ce96bae3
6
reference_url https://github.com/ruby/rexml/releases/tag/v3.3.6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T14:43:15Z/
url https://github.com/ruby/rexml/releases/tag/v3.3.6
7
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T14:43:15Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-43398.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-43398.yml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43398
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43398
11
reference_url https://security.netapp.com/advisory/ntap-20250103-0006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250103-0006
12
reference_url https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
reference_id 1083190
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2307297
reference_id 2307297
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2307297
15
reference_url https://github.com/advisories/GHSA-vmwr-mc7x-5vc3
reference_id GHSA-vmwr-mc7x-5vc3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmwr-mc7x-5vc3
16
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
17
reference_url https://access.redhat.com/errata/RHSA-2024:6670
reference_id RHSA-2024:6670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6670
18
reference_url https://access.redhat.com/errata/RHSA-2024:6702
reference_id RHSA-2024:6702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6702
19
reference_url https://access.redhat.com/errata/RHSA-2024:6703
reference_id RHSA-2024:6703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6703
20
reference_url https://access.redhat.com/errata/RHSA-2024:6784
reference_id RHSA-2024:6784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6784
21
reference_url https://access.redhat.com/errata/RHSA-2024:6785
reference_id RHSA-2024:6785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6785
22
reference_url https://access.redhat.com/errata/RHSA-2025:4063
reference_id RHSA-2025:4063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4063
23
reference_url https://access.redhat.com/errata/RHSA-2025:4488
reference_id RHSA-2025:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4488
24
reference_url https://usn.ubuntu.com/7256-1/
reference_id USN-7256-1
reference_type
scores
url https://usn.ubuntu.com/7256-1/
25
reference_url https://usn.ubuntu.com/7418-1/
reference_id USN-7418-1
reference_type
scores
url https://usn.ubuntu.com/7418-1/
fixed_packages
0
url pkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
purl pkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.5-1%3Fdistro=trixie
1
url pkg:deb/debian/ruby3.3@3.3.8-2?distro=trixie
purl pkg:deb/debian/ruby3.3@3.3.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.8-2%3Fdistro=trixie
aliases CVE-2024-43398, GHSA-vmwr-mc7x-5vc3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdtw-bn8z-e3b6
1
url VCID-m6hy-vnf9-hyfe
vulnerability_id VCID-m6hy-vnf9-hyfe
summary 
REXML DoS vulnerability
### Impact

The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API.

If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability.

### Patches

The REXML gem 3.3.3 or later include the patch to fix the vulnerability.

### Workarounds

Don't parse untrusted XMLs with SAX2 or pull parser API.

### References

* https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ : This is a similar vulnerability
* https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946/: An announce on www.ruby-lang.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41946.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41946.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41946
reference_id
reference_type
scores
0
value 0.00661
scoring_system epss
scoring_elements 0.71204
published_at 2026-05-05T12:55:00Z
1
value 0.00661
scoring_system epss
scoring_elements 0.71119
published_at 2026-04-13T12:55:00Z
2
value 0.00661
scoring_system epss
scoring_elements 0.71172
published_at 2026-04-18T12:55:00Z
3
value 0.00661
scoring_system epss
scoring_elements 0.71165
published_at 2026-04-16T12:55:00Z
4
value 0.00661
scoring_system epss
scoring_elements 0.71135
published_at 2026-04-12T12:55:00Z
5
value 0.00661
scoring_system epss
scoring_elements 0.7115
published_at 2026-04-11T12:55:00Z
6
value 0.00661
scoring_system epss
scoring_elements 0.71127
published_at 2026-04-09T12:55:00Z
7
value 0.00661
scoring_system epss
scoring_elements 0.71114
published_at 2026-04-08T12:55:00Z
8
value 0.00661
scoring_system epss
scoring_elements 0.71072
published_at 2026-04-07T12:55:00Z
9
value 0.00661
scoring_system epss
scoring_elements 0.71097
published_at 2026-04-04T12:55:00Z
10
value 0.00661
scoring_system epss
scoring_elements 0.7108
published_at 2026-04-02T12:55:00Z
11
value 0.00679
scoring_system epss
scoring_elements 0.71644
published_at 2026-04-29T12:55:00Z
12
value 0.00679
scoring_system epss
scoring_elements 0.7164
published_at 2026-04-26T12:55:00Z
13
value 0.00679
scoring_system epss
scoring_elements 0.71635
published_at 2026-04-24T12:55:00Z
14
value 0.00679
scoring_system epss
scoring_elements 0.71584
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41946
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41946
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41946
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:10Z/
url https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368
6
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:10Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-41946.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-41946.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41946
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41946
10
reference_url https://security.netapp.com/advisory/ntap-20250117-0007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250117-0007
11
reference_url https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:10Z/
url https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml
12
reference_url https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T15:45:10Z/
url https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
reference_id 1083190
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302272
reference_id 2302272
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302272
15
reference_url https://github.com/advisories/GHSA-5866-49gr-22v4
reference_id GHSA-5866-49gr-22v4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5866-49gr-22v4
16
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
17
reference_url https://access.redhat.com/errata/RHSA-2024:6670
reference_id RHSA-2024:6670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6670
18
reference_url https://access.redhat.com/errata/RHSA-2024:6702
reference_id RHSA-2024:6702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6702
19
reference_url https://access.redhat.com/errata/RHSA-2024:6703
reference_id RHSA-2024:6703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6703
20
reference_url https://access.redhat.com/errata/RHSA-2024:6784
reference_id RHSA-2024:6784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6784
21
reference_url https://access.redhat.com/errata/RHSA-2024:6785
reference_id RHSA-2024:6785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6785
22
reference_url https://access.redhat.com/errata/RHSA-2025:4063
reference_id RHSA-2025:4063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4063
23
reference_url https://access.redhat.com/errata/RHSA-2025:4488
reference_id RHSA-2025:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4488
24
reference_url https://usn.ubuntu.com/7091-1/
reference_id USN-7091-1
reference_type
scores
url https://usn.ubuntu.com/7091-1/
25
reference_url https://usn.ubuntu.com/7091-2/
reference_id USN-7091-2
reference_type
scores
url https://usn.ubuntu.com/7091-2/
26
reference_url https://usn.ubuntu.com/7840-1/
reference_id USN-7840-1
reference_type
scores
url https://usn.ubuntu.com/7840-1/
fixed_packages
0
url pkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
purl pkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.5-1%3Fdistro=trixie
1
url pkg:deb/debian/ruby3.3@3.3.8-2?distro=trixie
purl pkg:deb/debian/ruby3.3@3.3.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.8-2%3Fdistro=trixie
aliases CVE-2024-41946, GHSA-5866-49gr-22v4
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6hy-vnf9-hyfe
2
url VCID-qu1w-yd76-t7c1
vulnerability_id VCID-qu1w-yd76-t7c1
summary 
REXML denial of service vulnerability
### Impact

The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`.

If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

### Patches

The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities.

### Workarounds

Don't parse untrusted XMLs.

### References

* https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability
* https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39908.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39908.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39908
reference_id
reference_type
scores
0
value 0.06685
scoring_system epss
scoring_elements 0.91238
published_at 2026-04-12T12:55:00Z
1
value 0.06685
scoring_system epss
scoring_elements 0.91261
published_at 2026-04-16T12:55:00Z
2
value 0.06685
scoring_system epss
scoring_elements 0.91237
published_at 2026-04-13T12:55:00Z
3
value 0.06685
scoring_system epss
scoring_elements 0.91234
published_at 2026-04-11T12:55:00Z
4
value 0.06685
scoring_system epss
scoring_elements 0.91227
published_at 2026-04-09T12:55:00Z
5
value 0.06685
scoring_system epss
scoring_elements 0.91221
published_at 2026-04-08T12:55:00Z
6
value 0.06685
scoring_system epss
scoring_elements 0.91207
published_at 2026-04-07T12:55:00Z
7
value 0.06685
scoring_system epss
scoring_elements 0.912
published_at 2026-04-04T12:55:00Z
8
value 0.06685
scoring_system epss
scoring_elements 0.91192
published_at 2026-04-02T12:55:00Z
9
value 0.06685
scoring_system epss
scoring_elements 0.9126
published_at 2026-04-18T12:55:00Z
10
value 0.08032
scoring_system epss
scoring_elements 0.92124
published_at 2026-04-21T12:55:00Z
11
value 0.08032
scoring_system epss
scoring_elements 0.92128
published_at 2026-04-26T12:55:00Z
12
value 0.08032
scoring_system epss
scoring_elements 0.92126
published_at 2026-04-29T12:55:00Z
13
value 0.08335
scoring_system epss
scoring_elements 0.9231
published_at 2026-05-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39908
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39908
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39908
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/releases/tag/v3.3.2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml/releases/tag/v3.3.2
6
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:58:11Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-39908.yml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-39908.yml
8
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39908
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39908
10
reference_url https://security.netapp.com/advisory/ntap-20250117-0008
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250117-0008
11
reference_url https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:58:11Z/
url https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076766
reference_id 1076766
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076766
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076768
reference_id 1076768
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076768
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2298243
reference_id 2298243
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2298243
15
reference_url https://github.com/advisories/GHSA-4xqq-m2hx-25v8
reference_id GHSA-4xqq-m2hx-25v8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xqq-m2hx-25v8
16
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
17
reference_url https://access.redhat.com/errata/RHSA-2024:6784
reference_id RHSA-2024:6784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6784
18
reference_url https://access.redhat.com/errata/RHSA-2024:6785
reference_id RHSA-2024:6785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6785
19
reference_url https://access.redhat.com/errata/RHSA-2025:4063
reference_id RHSA-2025:4063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4063
20
reference_url https://access.redhat.com/errata/RHSA-2025:4488
reference_id RHSA-2025:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4488
21
reference_url https://usn.ubuntu.com/7091-1/
reference_id USN-7091-1
reference_type
scores
url https://usn.ubuntu.com/7091-1/
22
reference_url https://usn.ubuntu.com/7256-1/
reference_id USN-7256-1
reference_type
scores
url https://usn.ubuntu.com/7256-1/
23
reference_url https://usn.ubuntu.com/7418-1/
reference_id USN-7418-1
reference_type
scores
url https://usn.ubuntu.com/7418-1/
24
reference_url https://usn.ubuntu.com/7840-1/
reference_id USN-7840-1
reference_type
scores
url https://usn.ubuntu.com/7840-1/
fixed_packages
0
url pkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
purl pkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.5-1%3Fdistro=trixie
1
url pkg:deb/debian/ruby3.3@3.3.8-2?distro=trixie
purl pkg:deb/debian/ruby3.3@3.3.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.8-2%3Fdistro=trixie
aliases CVE-2024-39908, GHSA-4xqq-m2hx-25v8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qu1w-yd76-t7c1
3
url VCID-yj1t-rga1-x3ev
vulnerability_id VCID-yj1t-rga1-x3ev
summary 
REXML DoS vulnerability
### Impact

The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`.

If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.

### Patches

The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

### Workarounds

Don't parse untrusted XMLs.

### References

* https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability
* https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 : This is a similar vulnerability
* https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/: An announce on www.ruby-lang.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41123.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41123.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41123
reference_id
reference_type
scores
0
value 0.00232
scoring_system epss
scoring_elements 0.45899
published_at 2026-05-05T12:55:00Z
1
value 0.00232
scoring_system epss
scoring_elements 0.46088
published_at 2026-04-13T12:55:00Z
2
value 0.00232
scoring_system epss
scoring_elements 0.46139
published_at 2026-04-18T12:55:00Z
3
value 0.00232
scoring_system epss
scoring_elements 0.46143
published_at 2026-04-16T12:55:00Z
4
value 0.00232
scoring_system epss
scoring_elements 0.46079
published_at 2026-04-12T12:55:00Z
5
value 0.00232
scoring_system epss
scoring_elements 0.46108
published_at 2026-04-11T12:55:00Z
6
value 0.00232
scoring_system epss
scoring_elements 0.46084
published_at 2026-04-09T12:55:00Z
7
value 0.00232
scoring_system epss
scoring_elements 0.46086
published_at 2026-04-08T12:55:00Z
8
value 0.00232
scoring_system epss
scoring_elements 0.4603
published_at 2026-04-07T12:55:00Z
9
value 0.00232
scoring_system epss
scoring_elements 0.46082
published_at 2026-04-04T12:55:00Z
10
value 0.00232
scoring_system epss
scoring_elements 0.46061
published_at 2026-04-02T12:55:00Z
11
value 0.00239
scoring_system epss
scoring_elements 0.46928
published_at 2026-04-29T12:55:00Z
12
value 0.00239
scoring_system epss
scoring_elements 0.46977
published_at 2026-04-26T12:55:00Z
13
value 0.00239
scoring_system epss
scoring_elements 0.4698
published_at 2026-04-21T12:55:00Z
14
value 0.00239
scoring_system epss
scoring_elements 0.46966
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41123
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41123
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/ruby/rexml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/rexml
5
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:33:21Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
6
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:33:21Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
7
reference_url https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:33:21Z/
url https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-41123.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2024-41123.yml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41123
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41123
11
reference_url https://security.netapp.com/advisory/ntap-20241227-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241227-0005
12
reference_url https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T14:33:21Z/
url https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
reference_id 1083190
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083190
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2302268
reference_id 2302268
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2302268
15
reference_url https://github.com/advisories/GHSA-r55c-59qm-vjw6
reference_id GHSA-r55c-59qm-vjw6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r55c-59qm-vjw6
16
reference_url https://security.gentoo.org/glsa/202507-08
reference_id GLSA-202507-08
reference_type
scores
url https://security.gentoo.org/glsa/202507-08
17
reference_url https://access.redhat.com/errata/RHSA-2024:6670
reference_id RHSA-2024:6670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6670
18
reference_url https://access.redhat.com/errata/RHSA-2024:6702
reference_id RHSA-2024:6702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6702
19
reference_url https://access.redhat.com/errata/RHSA-2024:6703
reference_id RHSA-2024:6703
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6703
20
reference_url https://access.redhat.com/errata/RHSA-2024:6784
reference_id RHSA-2024:6784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6784
21
reference_url https://access.redhat.com/errata/RHSA-2024:6785
reference_id RHSA-2024:6785
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6785
22
reference_url https://access.redhat.com/errata/RHSA-2025:4063
reference_id RHSA-2025:4063
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4063
23
reference_url https://access.redhat.com/errata/RHSA-2025:4488
reference_id RHSA-2025:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4488
24
reference_url https://usn.ubuntu.com/7091-1/
reference_id USN-7091-1
reference_type
scores
url https://usn.ubuntu.com/7091-1/
25
reference_url https://usn.ubuntu.com/7091-2/
reference_id USN-7091-2
reference_type
scores
url https://usn.ubuntu.com/7091-2/
26
reference_url https://usn.ubuntu.com/7418-1/
reference_id USN-7418-1
reference_type
scores
url https://usn.ubuntu.com/7418-1/
27
reference_url https://usn.ubuntu.com/7840-1/
reference_id USN-7840-1
reference_type
scores
url https://usn.ubuntu.com/7840-1/
fixed_packages
0
url pkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
purl pkg:deb/debian/ruby3.3@3.3.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.5-1%3Fdistro=trixie
1
url pkg:deb/debian/ruby3.3@3.3.8-2?distro=trixie
purl pkg:deb/debian/ruby3.3@3.3.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.8-2%3Fdistro=trixie
aliases CVE-2024-41123, GHSA-r55c-59qm-vjw6
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yj1t-rga1-x3ev
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby3.3@3.3.5-1%3Fdistro=trixie