CVE-2024-39908
ADVISORY - githubSummary
Impact
The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as <, 0 and %>.
If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities.
Patches
The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities.
Workarounds
Don't parse untrusted XMLs.
References
- https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability
- https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/
EPSS Score: 0.05546 (0.898)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Uncontrolled Resource Consumption
ADVISORY - github
Uncontrolled Resource Consumption
ADVISORY - gitlab
ADVISORY - redhat
Uncontrolled Resource Consumption
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in