
Debian 11: DLA-4018-1 moderate: ruby2.7 multiple DoS vulnerabilities

Debian LTS, January 18, 2025
Numerous vulnerabilities in ruby2.7 were resolved in Debian LTS Advisory DLA-4018-1, released on January 17, 2025.
Multiple vulnerabilities were found in Ruby, a popular programming language.

Summary

CVE-2024-35176

The REXML gem has a Denial of Service (DoS) vulnerability
when it parses an XML document that has many `<` characters in
an attribute value. Applications that need to parse
untrusted XML may be affected by this vulnerability.

CVE-2024-39908

The REXML gem has some Denial of Service (DoS) vulnerabilities
when it parses an XML document that has many specific characters such
as `<`, `0` and `%>`. If you need to parse untrusted XML,
you may be affected by these vulnerabilities.

CVE-2024-41123

The REXML gem has some Denial of Service (DoS) vulnerabilities
when it parses an XML document that has many specific characters
such as whitespace characters, `>]` and `]>`.
If you need to parse untrusted XML, you may be affected
by these vulnerabilities.

CVE-2024-41946

The REXML gem had a Denial of Service (DoS) vulnerability
when it parsed an XML document that has many entity expansions
using the SAX2 or pull parser API.

CVE-2024-43398

REXML is an XML toolkit for Ruby.



Package: ruby2.7
Version: 2.7.4-1+deb11u3
CVE ID: CVE-2024-35176 CVE-2024-39908 CVE-2024-41123 CVE-2024-41946
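Beyond upgrading the package, applications that must feed untrusted XML to REXML can reduce their exposure to this class of parser DoS by bounding what a single parse is allowed to cost. The following Ruby snippet is an added illustration for this page, not code from Debian or from the REXML project: it caps input size, sets REXML's entity-expansion limits well below their defaults, refuses documents that declare an internal DTD, and puts a wall-clock budget around the parse. The constants and the `parse_untrusted_xml` helper are hypothetical names chosen for this example, and the limit values are assumptions to be tuned per application.

```ruby
require "rexml/document"
require "rexml/security"
require "timeout"

# Hypothetical, application-specific budgets for XML from an untrusted source.
MAX_XML_BYTES               = 64 * 1024 # reject anything larger before parsing
PARSE_TIMEOUT_S             = 2         # wall-clock budget for one parse
ENTITY_EXPANSION_LIMIT      = 100       # REXML's default is 10_000
ENTITY_EXPANSION_TEXT_BYTES = 4 * 1024  # REXML's default is 10_240 bytes

# REXML::Security holds process-wide state, so these caps apply to every parse.
REXML::Security.entity_expansion_limit      = ENTITY_EXPANSION_LIMIT
REXML::Security.entity_expansion_text_limit = ENTITY_EXPANSION_TEXT_BYTES

# Parse untrusted XML under a size cap, a time budget and a "no DTD" policy.
# Returns [:ok, REXML::Document] on success or [:rejected, reason] otherwise.
def parse_untrusted_xml(xml)
  return [:rejected, :too_large] if xml.bytesize > MAX_XML_BYTES

  doc = Timeout.timeout(PARSE_TIMEOUT_S) do
    parsed = REXML::Document.new(xml)
    # Entity definitions (including the `%>` parameter-entity syntax named in
    # the advisory) live in the internal DTD subset. Untrusted input has no
    # business declaring one, so refuse the document rather than expand anything.
    raise DtdNotAllowed if parsed.doctype
    # Force text expansion now, inside the guarded region, so an expansion-limit
    # error surfaces here and not later in unrelated application code.
    parsed.each_recursive { |element| element.texts.each(&:value) }
    parsed
  end
  [:ok, doc]
rescue Timeout::Error
  [:rejected, :timeout]
rescue DtdNotAllowed
  [:rejected, :dtd_not_allowed]
rescue REXML::ParseException
  [:rejected, :malformed]
rescue RuntimeError => e
  # REXML reports an exceeded expansion limit with a plain RuntimeError.
  raise unless e.message.include?("entity expansion")
  [:rejected, :entity_limit]
end

# Policy violation raised inside the timed region; a plain class keeps it
# distinct from REXML's own errors.
class DtdNotAllowed < StandardError; end

# Constructed sample inputs for a stand-alone run.
BENIGN_XML = '<report id="1"><item>ok &amp; fine</item></report>'
DTD_XML    = '<!DOCTYPE r [<!ENTITY a "x">]><r>&a;</r>'

if __FILE__ == $PROGRAM_NAME
  p parse_untrusted_xml(BENIGN_XML).first   # :ok
  p parse_untrusted_xml(DTD_XML)            # [:rejected, :dtd_not_allowed]
  p parse_untrusted_xml("<r><open></r>")    # [:rejected, :malformed]
end
```

The size cap runs before any parsing because it is the cheapest check and bounds everything that follows; the DTD policy catches the entity-based cases up front, and the expansion limits plus the timeout act as a backstop for whatever the first two checks do not cover. Because `REXML::Security` is global, set the limits once at process start rather than per request.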
