ALPINE-CVE-2024-41123

ALPINE-CVE-2024-41123 PUBLISHED CVSS 7.5 HIGH

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.20	ruby-rexml	3.2.9-r0, 3.2.5-r0, 3.2.5-r1
Alpine:v3.23	ruby-rexml	0, 3.2.9-r0, 3.2.6-r1
Alpine:v3.22	ruby-rexml	3.2.9-r0, 0, 3.2.5-r0
Alpine:v3.19	ruby-rexml	0, 3.2.5-r0, 3.2.5-r1
Alpine:v3.21	ruby-rexml	3.2.6-r1, 3.2.9-r0, 3.2.6-r1

Timeline

Aug 1, 2024 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2024-41123 advisory

Open in Interactive Console →