{"id":"CVE-2024-41123","summary":"REXML DoS vulnerability","details":"REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `\u003e]` and `]\u003e`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.","aliases":["GHSA-r55c-59qm-vjw6"],"modified":"2026-04-17T13:29:22.433990228Z","published":"2024-08-01T14:18:43.611Z","related":["ALSA-2024:6670","ALSA-2024:6784","ALSA-2024:6785","ALSA-2025:4063","ALSA-2025:4488","CGA-qjf2-jw9x-ghg8","GHSA-4xqq-m2hx-25v8","GHSA-r55c-59qm-vjw6","GHSA-vg3r-rm7w-2xgh","SUSE-SU-2024:3874-1","openSUSE-SU-2025:0129-1"],"database_specific":{"cwe_ids":["CWE-400"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41123.json"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html"},{"type":"WEB","url":"https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41123.json"},{"type":"ADVISORY","url":"https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8"},{"type":"ADVISORY","url":"https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6"},{"type":"ADVISORY","url":"https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41123"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241227-0005/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ruby/rexml","events":[{"introduced":"1cf37bab79d61d6183bbda8bf525ed587012b718"},{"fixed":"e4a067e11235a2ec7a00616d41350485e384ec05"}]}],"versions":["v3.2.8","v3.2.9","v3.3.0","v3.3.1","v3.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41123.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}