CVEFinder.io

CVE-2024-35176

🔶 medium
🔍 Scan for this CVE
Summary

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.

CVSS Score
5.3
Medium
EPSS Score
6.9
Exploit Probability
Published Date
2024-05-16
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 329,456 vulnerabilities in our database.

#264,595
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 16, 2024
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-11-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE IDs (Weakness Types)
CWE-400 CWE-770

📦 Affected Products 1

Vendor Product Status Affected Versions
ruby-lang rexml Affected
< 3.2.7

🔗 References 5

https://github.com/ruby/rexml/commit/4325835f92f3f14...
Patch
https://github.com/ruby/rexml/security/advisories/GH...
Vendor Advisory
https://www.ruby-lang.org/en/news/2024/05/16/dos-rex...
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/01...
https://security.netapp.com/advisory/ntap-20250306-0...
Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-58767 🔶 medium 5.3 0.0 REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing... 2025-09-17
CVE-2024-49761 ⚠️ high 7.5 1.2 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has ma... 2024-10-28
CVE-2024-43398 🔶 medium 5.9 1.2 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many... 2024-08-22
CVE-2024-41123 🔶 medium 5.3 0.2 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has... 2024-08-01
CVE-2024-41946 🔶 medium 5.3 0.7 REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity... 2024-08-01
CVE-2024-39908 🔶 medium 4.3 5.6 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that ha... 2024-07-16
These CVEs affect the same products