CVEFinder.io

CVE-2024-41946

🔶 medium
🔍 Scan for this CVE
Summary

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.

CVSS Score
5.3
Medium
EPSS Score
0.7
Exploit Probability
Published Date
2024-08-01
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 329,456 vulnerabilities in our database.

#264,595
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Aug 1, 2024
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-11-03
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE IDs (Weakness Types)
CWE-400

📦 Affected Products 1

Vendor Product Status Affected Versions
ruby-lang rexml Affected
< 3.3.3

🔗 References 6

https://github.com/ruby/rexml/commit/033d1909a8f259d...
Patch
https://github.com/ruby/rexml/security/advisories/GH...
Vendor Advisory
https://www.ruby-lang.org/en/news/2008/08/23/dos-vul...
Not Applicable
https://www.ruby-lang.org/en/news/2024/08/01/dos-rex...
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/01...
https://security.netapp.com/advisory/ntap-20250117-0...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-58767 🔶 medium 5.3 0.0 REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing... 2025-09-17
CVE-2024-49761 ⚠️ high 7.5 1.2 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has ma... 2024-10-28
CVE-2024-43398 🔶 medium 5.9 1.2 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many... 2024-08-22
CVE-2024-41123 🔶 medium 5.3 0.2 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has... 2024-08-01
CVE-2024-39908 🔶 medium 4.3 5.6 REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that ha... 2024-07-16
CVE-2024-35176 🔶 medium 5.3 6.9 REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XM... 2024-05-16
These CVEs affect the same products