Search for packages
| purl | pkg:gem/rexml@3.3.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bdtz-3mgw-4kga | REXML ReDoS vulnerability ### Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on 2025-03. ### Patches The REXML gem 3.3.9 or later include the patch to fix the vulnerability. ### Workarounds Use Ruby 3.2 or later instead of Ruby 3.1. ### References * https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/: An announce on www.ruby-lang.org |
CVE-2024-49761
GHSA-2rxp-v6pw-ch6m |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T19:14:19.448846+00:00 | GitLab Importer | Fixing | VCID-bdtz-3mgw-4kga | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rexml/CVE-2024-49761.yml | 37.0.0 |
| 2025-07-03T13:57:22.041750+00:00 | GitLab Importer | Fixing | VCID-bdtz-3mgw-4kga | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rexml/CVE-2024-49761.yml | 36.1.3 |
| 2025-07-01T14:35:45.190776+00:00 | GHSA Importer | Fixing | VCID-bdtz-3mgw-4kga | https://github.com/advisories/GHSA-2rxp-v6pw-ch6m | 36.1.3 |
| 2025-07-01T12:08:43.492093+00:00 | GithubOSV Importer | Fixing | VCID-bdtz-3mgw-4kga | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-2rxp-v6pw-ch6m/GHSA-2rxp-v6pw-ch6m.json | 36.1.3 |