CVE-2024-41123
Published: 2024-08-01
Priority: P339 (high), CVSS 3.1 base score 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.28% (66.5th percentile)
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby2.7 | < ruby2.7 2.7.4-1+deb11u3 (bullseye) | ruby2.7 2.7.4-1+deb11u3 (bullseye) |
| debian | ruby3.1 | < ruby2.7 2.7.4-1+deb11u3 (bullseye) | ruby2.7 2.7.4-1+deb11u3 (bullseye) |
| debian | ruby3.3 | < ruby2.7 2.7.4-1+deb11u3 (bullseye) | ruby2.7 2.7.4-1+deb11u3 (bullseye) |
| ruby-lang | rexml | < 3.2.7 | 3.2.7 |
| ruby-lang | rexml | >= 3.2.8 < 3.3.2 | 3.3.2 |
| ruby | rexml | < 3.3.3 | 3.3.3 |
| ruby | rexml | >= 0 < 3.3.3 | 3.3.3 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | 7.5 | HIGH | |
| vendor_debian | 5.3 | MEDIUM | |
| vendor_redhat | 5.3 | MEDIUM | |
| vendor_ubuntu | 5.3 | MEDIUM | |
OSV: CVE-2024-35176 [MEDIUM] ruby2.3, ruby2.5, ruby2.7 vulnerabilities (osv, 2025-10-27, CVSS 5.3)
It was discovered that the REXML module bundled into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 18.04 LTS and Ubuntu 20.04 LTS were previously addressed in USN-7256-1 and USN-7734-1. This update addresses the issue in Ubuntu 16.04 LTS. (CVE-2024-35176)
It was discovered that the REXML module bundled into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 20.04 LTS was previously addressed in USN-7256-1. T
OSV: CVE-2024-35176 [MEDIUM] ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities (osv, 2025-04-07, CVSS 5.3)
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123, CVE-2024-43398)
It was discovered that Ruby incorrectly handled expanding ranges in the net-imap response parser. If a user or automated system were tricked into connecting to a malicious IMAP server, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-25186)
OSV: CVE-2024-35176 [MEDIUM] ruby2.7 vulnerabilities (osv, 2024-11-21, CVSS 5.3)
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123)
It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with the SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash
OSV: CVE-2024-35176 [MEDIUM] ruby3.0, ruby3.2, ruby3.3 vulnerabilities (osv, 2024-11-05, CVSS 5.3)
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123)
It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with the SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. (CVE-2024-41946)
It was discovered that Ruby incorrectly handled parsing of an XML document that has many digits in a hex numeric character reference. An attacker could use
GHSA: CVE-2024-41123 [MEDIUM] CWE-400 REXML DoS vulnerability (ghsa, 2024-08-01)
### Impact
The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML document that contains many specific characters such as the whitespace character, `>]` and `]>`.
If you need to parse untrusted XML, you may be affected by these vulnerabilities.
### Patches
The REXML gem 3.3.3 or later includes the patches that fix these vulnerabilities.
### Workarounds
Don't parse untrusted XML.
### References
* https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : a similar vulnerability
* https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8 : a similar vulnerability
* https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/ : the announcement on www.ruby-lang.org
OSV: CVE-2024-41123 [HIGH] REXML is an XML toolkit for Ruby (osv, 2024-08-01, CVSS 7.5)
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
OSV: CVE-2024-41123 [MEDIUM] REXML DoS vulnerability (osv, 2024-08-01); mirrors the GHSA advisory above
Ubuntu: CVE-2024-47220 [MEDIUM] Ruby vulnerabilities (vendor_ubuntu, 2025-10-27, CVSS 5.3)
Summary: Several security issues were fixed in Ruby.
It was discovered that the REXML module bundled into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 18.04 LTS and Ubuntu 20.04 LTS were previously addressed in USN-7256-1 and USN-7734-1. This update addresses the issue in Ubuntu 16.04 LTS. (CVE-2024-35176)
It was discovered that the REXML module bundled into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 20.04 LTS w
Ubuntu: CVE-2024-35176 [MEDIUM] Ruby vulnerabilities (vendor_ubuntu, 2025-04-07, CVSS 5.3)
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123, CVE-2024-43398)
It was discovered that Ruby incorrectly handled expanding ranges in the net-imap response parser. If a user or automated system were tricked into connecting to a malicious IMAP server, a remote attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS, and
Ubuntu: CVE-2024-35176 [MEDIUM] Ruby vulnerabilities (vendor_ubuntu, 2024-11-21, CVSS 5.3)
Summary: Several security issues were fixed in Ruby.
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123)
It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with the SAX2 or pull parser AP
Ubuntu: CVE-2024-35176 [MEDIUM] Ruby vulnerabilities (vendor_ubuntu, 2024-11-05, CVSS 5.3)
Summary: Several security issues were fixed in Ruby.
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123)
It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with the SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. (CVE-2024-41946)
It was discovered that Ruby incorrectly handled parsing of an XML document that has many digits in a hex numeric cha
Red Hat: CVE-2024-41123 [MEDIUM] CWE-400 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (vendor_redhat, 2024-08-01, CVSS 5.3)
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
A vulnerability was found in REXML, an XML toolkit used for Ruby. When parsing an untrusted XML with many specific characters, the REXML gem may take a long time, leading to a denial of service condition. Some of these special characters include the whitespace character, '>]', and ']>'.
Statement: Red Hat believes this flaw to be moderate because a potential denial of service condition would create minimal
Debian: CVE-2024-41123 [MEDIUM] ruby2.7 - REXML is an XML toolkit for Ruby (vendor_debian, 2024, CVSS 5.3)
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
Scope: local
bullseye: resolved (fixed in 2.7.4-1+deb11u3)
No detection rules found.
No public exploits indexed.
References:
* https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
* https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
* https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
* https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
* https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html
* https://security.netapp.com/advisory/ntap-20241227-0005/