VYPR
Moderate severityNVD Advisory· Published May 16, 2024· Updated Nov 3, 2025

REXML contains a denial of service vulnerability

CVE-2024-35176

Description

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
rexmlRubyGems
< 3.2.73.2.7

Affected products

108

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.