REXML is an XML toolkit for Ruby. REXML gem 3.3.2 has a denial-of-service (DoS) vulnerability when it parses an XML document that contains many entity expansions with the SAX2 or pull parser API. REXML gem 3.3.3 or later includes the patch that fixes the vulnerability.
CVE ID: CVE-2024-41946
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.3
Vendor: ruby
Product: rexml
EPSS Score: 0.06% (estimated probability of exploitation in the wild within the next 30 days)
EPSS Percentile: 26.23% (share of all scored CVEs whose EPSS score is less than or equal to this one)
EPSS Date: 2025-02-15 (date the score was calculated)
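The Ruby snippet below is an added example, not code from REXML or from this advisory. It shows the attack shape behind the CVE (nested internal entities whose references multiply on expansion, the "billion laughs" pattern) and a pre-parse guard that estimates the expansion cost of a document from its internal DTD subset, so an application can refuse pathological input before handing it to the SAX2 or pull parser. The `billion_laughs` generator, the sample documents and all helper names are constructed for illustration. The numeric thresholds reuse REXML's documented defaults (`REXML::Security.entity_expansion_limit`, 10,000 expansions, and `REXML::Security.entity_expansion_text_limit`, 10,240 bytes), but this check is coarser than REXML's own: it sums over the whole document rather than per text node, and it only understands internal general entities.

```ruby
# Added example (not REXML's own code): estimate the work that expanding a
# document's internal general entities would cause, before it reaches REXML's
# SAX2 or pull parser (the APIs affected by CVE-2024-41946 in rexml 3.3.2).
# Only the internal DTD subset is inspected; external and parameter entities
# are out of scope for this guard.

ENTITY_NAME = /[A-Za-z_:][\w.:-]*/
ENTITY_DECL = /<!ENTITY\s+(#{ENTITY_NAME})\s+(?:"([^"]*)"|'([^']*)')\s*>/
ENTITY_REF  = /&(#{ENTITY_NAME});/
DOCTYPE_INTERNAL_SUBSET = /<!DOCTYPE\b[^\[>]*\[(.*?)\]\s*>/m

INFINITE = [Float::INFINITY, Float::INFINITY].freeze

# Split a document into its declared internal entities and the body that
# follows the DOCTYPE. Documents without a DOCTYPE declare no entities.
def split_document(xml)
  m = DOCTYPE_INTERNAL_SUBSET.match(xml)
  return [{}, xml] unless m
  entities = {}
  m[1].scan(ENTITY_DECL) do |name, dq, sq|
    entities[name] ||= dq || sq # first declaration wins, as in XML
  end
  [entities, m.post_match]
end

# Cost of fully expanding one entity: [number_of_expansions, expanded_bytes].
# References to undeclared entities (e.g. the predefined &amp;) cost nothing.
# A recursive entity is illegal XML and would never finish expanding, so it is
# reported as infinite cost.
def entity_cost(name, entities, memo = {}, stack = [])
  return memo[name] if memo.key?(name)
  value = entities[name]
  return [0, 0] unless value
  return INFINITE if stack.include?(name)

  stack.push(name)
  count = 1                                       # this expansion itself
  bytes = value.gsub(ENTITY_REF, '').bytesize     # literal text in the value
  value.scan(ENTITY_REF) do |(ref)|
    c, b = entity_cost(ref, entities, memo, stack)
    count += c
    bytes += b
  end
  stack.pop
  memo[name] = [count, bytes]
end

# Total expansions and expanded bytes for every entity reference in the body.
def expansion_cost(xml)
  entities, body = split_document(xml)
  memo = {}
  count = 0
  bytes = 0
  body.scan(ENTITY_REF) do |(ref)|
    c, b = entity_cost(ref, entities, memo)
    count += c
    bytes += b
  end
  { expansions: count, bytes: bytes }
end

# Thresholds default to REXML's documented limits (assumed here as a
# whole-document bound, which is stricter than REXML's per-text check).
def within_rexml_defaults?(xml, max_expansions: 10_000, max_bytes: 10_240)
  cost = expansion_cost(xml)
  cost[:expansions] <= max_expansions && cost[:bytes] <= max_bytes
end

# Constructed sample: a harmless document with one small entity used twice.
BENIGN_XML = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [
    <!ENTITY company "Acme Corp">
  ]>
  <note>&company; &amp; &company;</note>
XML

# Constructed sample: mutually recursive entities (illegal XML).
RECURSIVE_XML = <<~XML
  <!DOCTYPE r [
    <!ENTITY a "&b;">
    <!ENTITY b "&a;">
  ]>
  <r>&a;</r>
XML

# Constructed generator for the classic nested-entity payload:
# lol0 is a literal string, each lolN is `fanout` references to lol(N-1).
def billion_laughs(levels: 4, fanout: 10)
  decls = ["<!ENTITY lol0 \"#{'lol' * fanout}\">"]
  (1..levels).each do |i|
    decls << "<!ENTITY lol#{i} \"#{"&lol#{i - 1};" * fanout}\">"
  end
  "<?xml version=\"1.0\"?>\n<!DOCTYPE lolz [\n#{decls.join("\n")}\n]>\n<lolz>&lol#{levels};</lolz>\n"
end

if __FILE__ == $PROGRAM_NAME
  { 'benign' => BENIGN_XML,
    'recursive' => RECURSIVE_XML,
    'billion laughs (4 levels)' => billion_laughs }.each do |label, doc|
    puts "#{label}: #{expansion_cost(doc)} safe=#{within_rexml_defaults?(doc)}"
  end
end
```

Upgrading to rexml 3.3.3 or later is the fix; a guard like this is defence in depth for code that cannot upgrade immediately. Note that the cost grows geometrically with the nesting depth: four levels with a fan-out of ten already expand to 11,111 entity expansions and about 300 KB of text from a document of a few hundred bytes, which is exactly the asymmetry a parser without expansion limits cannot absorb.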