CVE-2024-49761: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex…

medium6.6CVSS 3.1

AVNACLATNPRNUINVCNVINVAHSCNSINSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
apple	macos_sequoia	—	—
apple	macos_sonoma	—	—
apple	macos_tahoe	—	—
debian	ruby2.7	< ruby2.7 2.7.4-1+deb11u3 (bullseye)	ruby2.7 2.7.4-1+deb11u3 (bullseye)
debian	ruby3.1	< ruby2.7 2.7.4-1+deb11u3 (bullseye)	ruby2.7 2.7.4-1+deb11u3 (bullseye)
debian	ruby3.3	< ruby2.7 2.7.4-1+deb11u3 (bullseye)	ruby2.7 2.7.4-1+deb11u3 (bullseye)
msrc	azl3_ruby_3.3.5-1_on_azure_linux_3.0	—	—
msrc	azl3_ruby_3.3.5-3_on_azure_linux_3.0	—	—
msrc	azl3_rubygem-rexml_3.3.9-1_on_azure_linux_3.0	—	—
msrc	azl3_rubygem-rexml_3.3.9-2_on_azure_linux_3.0	—	—
msrc	azure_linux_3.0_arm	—	—
msrc	azure_linux_3.0_x64	—	—
msrc	cbl2_ruby_3.1.4-8_on_cbl_mariner_2.0	—	—
msrc	cbl2_ruby_3.1.4-9_on_cbl_mariner_2.0	—	—
msrc	cbl2_rubygem-rexml_3.2.7-3_on_cbl_mariner_2.0	—	—
msrc	cbl2_rubygem-rexml_3.2.7-4_on_cbl_mariner_2.0	—	—
msrc	cbl_mariner_2.0_arm	—	—
msrc	cbl_mariner_2.0_x64	—	—
netapp	ontap_tools	—	—
ruby-lang	rexml	< 3.3.9	3.3.9
ruby-lang	rexml	>= 0 < 3.3.9	3.3.9

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

nvdv4.06.6MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

osv6.6MEDIUM