REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6670 https://access.redhat.com/errata/RHSA-2024:6670
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:6702 https://access.redhat.com/errata/RHSA-2024:6702
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:6703 https://access.redhat.com/errata/RHSA-2024:6703
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6784 https://access.redhat.com/errata/RHSA-2024:6784
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:6785 https://access.redhat.com/errata/RHSA-2024:6785