CVE-2024-35176

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published May 16, 2024

Updated: May 17, 2024

CWE ID 400

CWE ID 770

Summary

CVE-2024-35176 is a denial-of-service vulnerability affecting the REXML gem, an XML toolkit for Ruby, prior to version 3.2.6. The issue arises when REXML encounters an XML document with a large number of "<" characters in an attribute value. This vulnerability could potentially impact users who process untrusted XML data. To mitigate this risk, users are advised to upgrade to REXML version 3.2.7 or later, which includes a patch to resolve the issue. As a temporary measure, it is recommended not to parse untrusted XML data with the REXML gem.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/v3EQ00
https://www.cve.org/CVERecord?id=CVE-2024-35176
https://nvd.nist.gov/vuln/detail/CVE-2024-35176

Back to Vulnerability Database

CVE-2024-35176

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations