CVE-2024-41946

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41946

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41946.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-41946

Aliases

GHSA-5866-49gr-22v4

Downstream

ALPINE-CVE-2024-41946

DEBIAN-CVE-2024-41946

DLA-4018-1

ECHO-3a4a-5767-3e7d

MINI-6456-2g6w-5fmf

OESA-2024-2038

RHSA-2024:6670

RHSA-2024:6702

RHSA-2024:6703

RHSA-2024:6784

RHSA-2024:6785

RHSA-2025:4063

RHSA-2025:4488

RLSA-2024:6785

RLSA-2025:4063

RLSA-2025:4488

SUSE-SU-2024:3874-1

UBUNTU-CVE-2024-41946

USN-7091-1

USN-7091-2

openSUSE-SU-2025:0129-1

Related

Published

2024-08-01T14:22:14Z

Modified

2025-10-09T12:57:57.969210Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

REXML DoS vulnerability

Details

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.

References

Affected packages

Git / github.com/ruby/rexml

Affected ranges

Type: GIT
Repo: https://github.com/ruby/rexml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e4a067e11235a2ec7a00616d41350485e384ec05

Type: GIT
Repo: https://github.com/ruby/rexml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e4a067e11235a2ec7a00616d41350485e384ec05

Affected versions

v3.*

v3.1.8

v3.1.9

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3.0

v3.3.1

v3.3.2