INFCSA-2024:10858: ruby security update
Information about definition
Identificator: INFCSA-2024:10858
Type: security
Release date: 2025-09-24 19:51:59 UTC
Information about package
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Vulnerabilities description
- CVE-2024-49761
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-49761
|
no information | 7.5 | no information |
Updated packages
Preparing to download...