The REXML gem before 3.2.6 has a denial of service vulnerability when it
parses an XML that has many <s in an attribute value. (CVE-2024-35176)
The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses
an XML that has many specific characters such as <, 0 and %>.
(CVE-2024-39908)
The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses
an XML that has many specific characters such as whitespace character,
>] and ]>. (CVE-2024-41123)
The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that
has many entity expansions with SAX2 or pull parser API.
(CVE-2024-41946)
The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML
that has many deep elements that have the same local name attributes.
(CVE-2024-43398)
The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an
XML that has many digits between &# and x...; in a hex numeric character
reference (&#x...;). (CVE-2024-49761)
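
To check which of the CVEs listed above apply to a bundled application, the following added example (not part of the advisory or of REXML itself) reads the resolved rexml version out of Gemfile.lock text and compares it with the version bounds stated above. The names `REXML_ADVISORIES`, `locked_rexml_version`, `rexml_cves_for` and `SAMPLE_LOCK` are hypothetical, the sample lockfile is constructed, and CVE-2024-41946 is matched against 3.3.2 only because that is how the text above words it.

```ruby
require "rubygems" # provides Gem::Version for correct segment-wise comparison

# Version bounds copied from the advisory text above.
# :before => every version below it is affected; :only => that version alone.
REXML_ADVISORIES = [
  { cve: "CVE-2024-35176", before: "3.2.6" },
  { cve: "CVE-2024-39908", before: "3.3.1" },
  { cve: "CVE-2024-41123", before: "3.3.2" },
  { cve: "CVE-2024-41946", only:   "3.3.2" }, # assumption: literal reading of the text
  { cve: "CVE-2024-43398", before: "3.3.6" },
  { cve: "CVE-2024-49761", before: "3.3.9" },
].freeze

# Resolved gems sit at four spaces of indent under "specs:" in Gemfile.lock.
# Dependency lines (six spaces, e.g. "rexml (>= 3.2)") must not match.
def locked_rexml_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rexml \(([^)\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Return the CVE ids from the list above that apply to the given version.
def rexml_cves_for(version)
  v = Gem::Version.new(version.to_s)
  hits = REXML_ADVISORIES.select do |a|
    a[:only] ? v == Gem::Version.new(a[:only]) : v < Gem::Version.new(a[:before])
  end
  hits.map { |a| a[:cve] }
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rexml (3.3.2)
      xml-simple (1.1.9)
        rexml

  DEPENDENCIES
    xml-simple
LOCK

if __FILE__ == $PROGRAM_NAME
  text = File.exist?("Gemfile.lock") ? File.read("Gemfile.lock") : SAMPLE_LOCK
  version = locked_rexml_version(text)
  abort "rexml is not in the lockfile" unless version
  cves = rexml_cves_for(version)
  puts "rexml #{version}: #{cves.empty? ? 'none of the listed CVEs apply' : cves.join(', ')}"
end
```

Run it from the directory that holds Gemfile.lock; without one it falls back to the constructed sample.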