REDHAT-BUG-2302272
First published: Thu Aug 01 2024(Updated: )
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ruby REXML | <3.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2302272?
The severity of REDHAT-BUG-2302272 is classified as a denial of service (DoS) vulnerability.
How do I fix REDHAT-BUG-2302272?
To fix REDHAT-BUG-2302272, upgrade the REXML gem to version 3.3.3 or later.
What versions are affected by REDHAT-BUG-2302272?
REXML gem versions prior to 3.3.3 are affected by the vulnerability identified in REDHAT-BUG-2302272.
What is the nature of the vulnerability in REDHAT-BUG-2302272?
The vulnerability in REDHAT-BUG-2302272 allows for a denial of service attack when parsing XML with excessive entity expansions.
What tools are impacted by REDHAT-BUG-2302272?
The REXML toolkit for Ruby is impacted by the vulnerability described in REDHAT-BUG-2302272.
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/references
- agent/trending
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-41946
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ruby
- canonical/ruby rexml