vulnerability
Rocky Linux: CVE-2024-49761: pcs (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jul 29, 2025 | Feb 5, 2026 | Feb 9, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jul 29, 2025
Added
Feb 5, 2026
Modified
Feb 9, 2026
Description
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
Solutions
rocky-upgrade-pcsrocky-upgrade-pcs-snmprocky-upgrade-rubyrocky-upgrade-ruby-bundled-gemsrocky-upgrade-ruby-bundled-gems-debuginforocky-upgrade-ruby-debuginforocky-upgrade-ruby-debugsourcerocky-upgrade-ruby-develrocky-upgrade-ruby-libsrocky-upgrade-ruby-libs-debuginforocky-upgrade-rubygem-bigdecimalrocky-upgrade-rubygem-bigdecimal-debuginforocky-upgrade-rubygem-bsonrocky-upgrade-rubygem-bson-debuginforocky-upgrade-rubygem-bson-debugsourcerocky-upgrade-rubygem-io-consolerocky-upgrade-rubygem-io-console-debuginforocky-upgrade-rubygem-jsonrocky-upgrade-rubygem-json-debuginforocky-upgrade-rubygem-mysql2rocky-upgrade-rubygem-mysql2-debuginforocky-upgrade-rubygem-mysql2-debugsourcerocky-upgrade-rubygem-opensslrocky-upgrade-rubygem-openssl-debuginforocky-upgrade-rubygem-pgrocky-upgrade-rubygem-pg-debuginforocky-upgrade-rubygem-pg-debugsourcerocky-upgrade-rubygem-psychrocky-upgrade-rubygem-psych-debuginforocky-upgrade-rubygem-rbsrocky-upgrade-rubygem-rbs-debuginfo
References
- CVE-2024-49761
- https://attackerkb.com/topics/CVE-2024-49761
- CWE-1333
- URL-https://errata.rockylinux.org/RLSA-2024:10834
- URL-https://errata.rockylinux.org/RLSA-2024:10850
- URL-https://errata.rockylinux.org/RLSA-2024:10858
- URL-https://errata.rockylinux.org/RLSA-2024:10860
- URL-https://errata.rockylinux.org/RLSA-2025:11047
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.