CVE-2024-35176

ADVISORY - github

Summary

Impact

The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many >s in an attribute value.

If you need to parse untrusted XMLs, you may be impacted to this vulnerability.

Patches

The REXML gem 3.2.7 or later include the patch to fix this vulnerability.

Workarounds

Don't parse untrusted XMLs.

References

https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/

EPSS Score⁠: 0.07078 (0.911)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-400⁠

Uncontrolled Resource Consumption

CWE-770⁠

Allocation of Resources Without Limits or Throttling

ADVISORY - github

CWE-400⁠

Uncontrolled Resource Consumption

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-400⁠

Uncontrolled Resource Consumption

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

(CWE-400|CWE-770)⁠

Impacted images

Advisories

NIST

CREATED

1 year ago

UPDATED

6 days ago

ADVISORY IDCVE-2024-35176⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠CWE-770⁠

CVSS SCORE

5.3medium

GitHub

CREATED

1 year ago

UPDATED

6 days ago

ADVISORY IDGHSA-vg3r-rm7w-2xgh⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠

CVSS SCORE

5.3medium

Debian

CREATED

1 year ago

UPDATED

1 month ago

ADVISORY IDCVE-2024-35176⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 year ago

UPDATED

13 days ago

ADVISORY IDCVE-2024-35176⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GitLab

CREATED

1 year ago

UPDATED

2 months ago

ADVISORY ID

CVE-2024-35176

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-400⁠CWE-937⁠

CVSS SCORE

5.3medium

Alma

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALSA-2024:4499⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDALSA-2024:5338⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Amazon

CREATED

8 months ago

UPDATED

7 months ago

ADVISORY IDALAS2023-2025-921⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

1 year ago

UPDATED

8 months ago

ADVISORY IDCVE-2024-35176⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

(CWE-400|CWE-770)⁠

CVSS SCORE

5.3low

Rocky

CREATED

1 year ago

UPDATED

8 months ago

ADVISORY IDRLSA-2024:4499⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Rocky

CREATED

6 months ago

UPDATED

6 months ago

ADVISORY IDRLSA-2024:5338⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDELSA-2024-4499⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDELSA-2024-5338⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-2237-mq7r-x77x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-2583-v855-mmq2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-59pv-c77v-v47g

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-98r3-6hf8-2c4m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-h6gp-72jh-xc9h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-ppg3-gjfr-68f3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-q3h7-v2w8-c926

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-w995-jp2x-p8gc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-wxwx-mfr5-9j7c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

intheWild

CREATED

11 months ago

UPDATED

8 months ago

ADVISORY IDCVE-2024-35176⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY ID

MINI-x6v9-jrw8-6vm5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY