Summary
Vulnerability found in the REXML toolkit for the Ruby programming language.
Risk
Estimated impact of vulnerability on the reference community: MEDIUM/YELLOW (63.46/100) [1].
Type
- Denial of Service
Affected products and versions
REXML
- Version 3.3.1 and earlier
Mitigation actions
In line with the vendor's statements, update vulnerable products following the guidance in the security bulletin listed in the References section.
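To find projects that still pin an affected release, the following added example (not code from the REXML project or from this bulletin) reads the resolved rexml version out of a Gemfile.lock and compares it with the affected range stated above. The function names, the sample lockfile and the gem name example_gem are constructed for illustration; any version newer than 3.3.1 is treated as updated.

```ruby
require "rubygems" # provides Gem::Version for correct version ordering

# Last affected release per the bulletin ("Version 3.3.1 and earlier").
LAST_AFFECTED = Gem::Version.new("3.3.1")

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_gem (1.0.0)
        rexml (>= 3.2.5)
      rexml (3.2.6)

  PLATFORMS
    ruby
LOCK

# Return the resolved rexml version from Gemfile.lock text, or nil.
# Resolved gems sit at 4-space indent under "specs:"; 6-space lines are
# dependency constraints such as "rexml (>= 3.2.5)" and must be skipped.
def locked_rexml_version(lock_text)
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # blank line or a new top-level section
    elsif in_specs && (m = line.match(/\A {4}rexml \(([^)\s]+)\)\z/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# Classify a lockfile as :affected, :updated or :not_locked.
def rexml_status(lock_text)
  version = locked_rexml_version(lock_text)
  return :not_locked if version.nil?
  version <= LAST_AFFECTED ? :affected : :updated
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "rexml: #{rexml_status(text)}"
end
```

Pass the path to a Gemfile.lock as the first argument; without one, the script checks the constructed sample.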
Unique vulnerability identifiers
References
https://github.com/ruby/rexml/releases/tag/v3.3.2
https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908
[1] This estimate is calculated taking into account various parameters, including CVSS, availability of patches/workarounds and PoC, and prevalence of the affected software/devices in the reference community.