CVE-2024-41946

Published: 01 Aug 2024
Source: redhat
CVSS3: 3.3
EPSS: Low

Description

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses XML that has many entity expansions with the SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | ruby:3.3/ruby | Not affected | | |
| Red Hat Enterprise Linux 8 | ruby:2.5/ruby | Fix deferred | | |
| Red Hat Enterprise Linux 9 | pcs | Affected | | |
| Red Hat Enterprise Linux 9 | ruby:3.0/ruby | Affected | | |
| Red Hat OpenStack Platform 16.1 | puppet-datacat | Fix deferred | | |
| Red Hat OpenStack Platform 16.1 | puppet-etcd | Fix deferred | | |
| Red Hat OpenStack Platform 16.1 | puppet-opendaylight | Out of support scope | | |
| Red Hat OpenStack Platform 16.2 | puppet-datacat | Not affected | | |
| Red Hat OpenStack Platform 16.2 | puppet-etcd | Not affected | | |
| Red Hat OpenStack Platform 16.2 | puppet-opendaylight | Not affected | | |

Additional information

Status: Low
Defect: CWE-400

EPSS: 0.01972 (Low), percentile: 83%

CVSS3: 3.3 Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
11 months ago

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses XML that has many entity expansions with the SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.

CVSS3: 5.3
nvd
11 months ago

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses XML that has many entity expansions with the SAX2 or pull parser API. The REXML gem 3.3.3 or later includes the patch to fix the vulnerability.

CVSS3: 7.5
msrc
8 months ago

No description available

CVSS3: 5.3
debian
11 months ago

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulner ...

CVSS3: 7.5
github
11 months ago

REXML DoS vulnerability
