CVE-2024-41123 MEDIUM

CVE-2024-41123: REXML DoS vulnerability

Vendor Ruby
Product rexml
Weakness CWE-400
Published August 1, 2024
Last update November 3, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML document that contains many occurrences of specific characters, such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 and later include the patches that fix these vulnerabilities.

Key dates

02 Disclosure timeline

August 1, 2024 CVE published
November 3, 2025 Record updated