CVE-2024-41123Uncontrolled Resource Consumption in Rexml

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling14 documents7 sources
Severity
7.5HIGHNVD
CNA5.3OSV5.3
EPSS
0.2%
top 53.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Ruby RexmlRuby-lang Rexml
Timeline
PublishedAug 1
Latest updateOct 27

Description

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ruby/rexml< 3.3.3
NVDruby-lang/rexml3.2.83.3.2+1

🔴Vulnerability Details

7
OSV
ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities2025-04-07
OSV
ruby2.7 vulnerabilities2024-11-21
OSV
ruby3.0, ruby3.2, ruby3.3 vulnerabilities2024-11-05
GHSA
REXML DoS vulnerability2024-08-01
CVEList
REXML DoS vulnerability2024-08-01

📋Vendor Advisories

6
Ubuntu
Ruby vulnerabilities2025-10-27
Ubuntu
Ruby vulnerabilities2025-04-07
Ubuntu
Ruby vulnerabilities2024-11-21
Ubuntu
Ruby vulnerabilities2024-11-05
Red Hat
rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>2024-08-01
CVE-2024-41123 — Uncontrolled Resource Consumption | cvebase