RHSA-2025:4063MediumCVSS 5.9
Red Hat Security Advisory: ruby:3.1 security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2024-39908 — rexml: DoS vulnerability in REXML CVE-2024-41123 — rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> CVE-2024-41946 — rexml: DoS vulnerability in REXML CVE-2024-43398 — rexml: DoS vulnerability in REXML CVE-2025-27219 — CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27220 — CGI: ReDoS in CGI::Util#escapeElement CVE-2025-27221 — uri: userinfo leakage in URI#join, URI#merge and URI#+
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2025:4063
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2298243
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2302268
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2302272
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2307297
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2349696
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2349699
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2349700
- externalhttps://issues.redhat.com/browse/RHEL-55408
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4063.json