DEBIAN-CVE-2024-41123

DEBIAN-CVE-2024-41123 PUBLISHED CVSS 7.5 HIGH

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	ruby3.1	3.1.2-8.4, 3.1.2-8.5, 3.1.2-8.3
Debian:11	ruby2.7	2.7.4-1, 0, 2.7.4-1
Debian:13	ruby3.3	0, 0
Debian:14	ruby3.3	0, 0

Timeline

Aug 1, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-41123 advisory

Open in Interactive Console →