PT-2024-6381 · Rexml · Mprogrammer
Published 2024-05-16 · Updated 2025-10-27
CVE-2024-41123
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
REXML gem versions prior to 3.3.3
Description
The REXML gem has several DoS vulnerabilities that are triggered when it parses an XML document containing very many instances of specific characters, such as whitespace characters, ">" and "]>", or "<", "0" and "%>". The vulnerability stems from uncontrolled resource consumption and can be exploited by a remote attacker to cause a denial of service. Applications that parse untrusted XML may be affected by these vulnerabilities.
Recommendations
For REXML gem versions prior to 3.3.3, upgrade to version 3.3.3 or later to fix these vulnerabilities. As a temporary workaround, avoid parsing untrusted XML to minimize the risk of exploitation. Restricting the parsing of XML documents that contain many of the specific characters listed above can also help mitigate the issue.
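The two recommendations above (version gate, and refusing documents dense in the named characters) as a defender-side pre-parse check in Ruby. This is an added example, not code from the advisory or from the REXML project; the thresholds are illustrative placeholders, and the sample document is constructed for the demo.

```ruby
require "rubygems"

# Version at which the advisory says the fix landed.
FIXED_REXML = Gem::Version.new("3.3.3")

# True when the given REXML version string already carries the fix.
# In a real application pass REXML::VERSION (defined once rexml is required).
def rexml_fixed?(version_string)
  Gem::Version.new(version_string) >= FIXED_REXML
end

# Character sequences the advisory names as triggers when present in large numbers.
SUSPICIOUS_PATTERNS = {
  whitespace: /\s/,
  gt:         />/,
  cdata_end:  /\]>/,
  lt:         /</,
  zero:       /0/,
  pi_end:     /%>/,
}.freeze

# Count each pattern separately so the caller can see which one tripped.
def suspicious_counts(xml)
  SUSPICIOUS_PATTERNS.transform_values { |re| xml.scan(re).size }
end

# Pre-parse gate: reject oversized documents and documents in which any named
# trigger exceeds a per-pattern budget. Returns [allowed, reason].
# max_bytes and max_per_pattern are assumed placeholder limits; tune per workload.
def xml_parse_allowed?(xml, max_bytes: 1_000_000, max_per_pattern: 100_000)
  return [false, "input exceeds #{max_bytes} bytes"] if xml.bytesize > max_bytes
  over = suspicious_counts(xml).select { |_, n| n > max_per_pattern }
  return [false, "too many #{over.keys.join(', ')} characters"] unless over.empty?
  [true, nil]
end

# Constructed benign sample document for the demo.
SAMPLE_XML = '<?xml version="1.0"?><doc><item id="1">ok</item></doc>'.freeze

if __FILE__ == $0
  puts "rexml 3.3.2 fixed? #{rexml_fixed?('3.3.2')}"   # false
  puts "rexml 3.3.3 fixed? #{rexml_fixed?('3.3.3')}"   # true
  puts xml_parse_allowed?(SAMPLE_XML).inspect           # [true, nil]
end
```

Only hand the document to REXML when the gate returns true; the gate is a mitigation layered on top of upgrading, not a replacement for it.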
Tags: DoS, Allocation of Resources Without Limits, Resource Exhaustion
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
REXML
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu