Skip to main content

Rexml

3 CVEs product

Monthly

CVE-2025-58767 Ruby LOW PATCH Monitor

REXML is an XML toolkit for Ruby. Rated low severity (CVSS 1.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rexml
NVD GitHub
CVSS 4.0
1.2
EPSS
0.0%
CVE-2024-35176 Ruby MEDIUM PATCH This Month

REXML is an XML toolkit for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rexml
NVD GitHub
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-28965 Ruby HIGH PATCH This Week

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexml Ruby Fedora
NVD
CVSS 3.1
7.5
EPSS
5.1%
EPSS 0% CVSS 1.2
LOW PATCH Monitor

REXML is an XML toolkit for Ruby. Rated low severity (CVSS 1.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rexml
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

REXML is an XML toolkit for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rexml
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexml Ruby +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy