VDB

GCVE-110-MAGEIA-2025-1

GCVE-110-MAGEIA-2025-1
Advisory Published
Vulnetix · Advisory published January 4, 2025
The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. (CVE-2024-35176) The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. (CVE-2024-39908) The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. (CVE-2024-41123) The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. (CVE-2024-41946) The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. (CVE-2024-43398) The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). (CVE-2024-49761)

Affected Products

VendorProductVersionsPlatforms
Mageiaruby0 (affected), 3.1.5-46.mga9 (unaffected), 0 (affected), 3.1.5-46.mga9 (unaffected)
Mageiamageia-repos0 (affected), 9-3.mga9 (unaffected)
Mageiameta-task0 (affected), 9-3.mga9 (unaffected)
Mageianvidia-current0 (affected), 550.142-3.mga9.nonfree (unaffected)
Mageialdetect-lst0 (affected), 0.6.59-1.mga9 (unaffected)
Mageianvidia4700 (affected), 470.256.02-3.mga9.nonfree (unaffected)

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›