VDB
GCVE-110-MAGEIA-2025-1
GCVE-110-MAGEIA-2025-1
Advisory Published
The REXML gem before 3.2.6 has a denial of service vulnerability when it
parses an XML that has many `<`s in an attribute value. (CVE-2024-35176)
The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses
an XML that has many specific characters such as `<`, `0` and `%>`.
(CVE-2024-39908)
The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses
an XML that has many specific characters such as whitespace character,
`>]` and `]>`. (CVE-2024-41123)
The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that
has many entity expansions with SAX2 or pull parser API.
(CVE-2024-41946)
The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
that has many deep elements that have same local name attributes.
(CVE-2024-43398)
The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an
XML that has many digits between &# and x...; in a hex numeric character
reference (&#x...;). (CVE-2024-49761)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ruby | 0 (affected), 3.1.5-46.mga9 (unaffected), 0 (affected), 3.1.5-46.mga9 (unaffected) | — |
| Mageia | mageia-repos | 0 (affected), 9-3.mga9 (unaffected) | — |
| Mageia | meta-task | 0 (affected), 9-3.mga9 (unaffected) | — |
| Mageia | nvidia-current | 0 (affected), 550.142-3.mga9.nonfree (unaffected) | — |
| Mageia | ldetect-lst | 0 (affected), 0.6.59-1.mga9 (unaffected) | — |
| Mageia | nvidia470 | 0 (affected), 470.256.02-3.mga9.nonfree (unaffected) | — |
Aliases
References
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.