How severe is CVE-2024-43398?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-43398?

This is classified as CWE-776, which is a common weakness in software security.

CVE-2024-43398

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-776

View all →

Vulnerability Description

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.

CVE-2024-1455

MEDIUM

CVSS:5.9(Medium)

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML docu...

CWE-7762024

CVE-2024-27141

MEDIUM

CVSS:5.9(Medium)

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) ...

CWE-7762024

CVE-2024-27142

MEDIUM

CVSS:5.9(Medium)

CWE-7762024

CVE-2025-0617

MEDIUM

CVSS:5.9(Medium)

An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity ...

CWE-7762025

CVE-2017-5644

MEDIUM

CVSS:5.5(Medium)

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CWE-7762017

CVE-2021-31842

MEDIUM

CVSS:5.5(Medium)

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulti...

CWE-7762021

CVE-2024-43398

Vulnerability Description

Related Vulnerabilities

CVE-2024-1455

CVE-2024-27141

CVE-2024-27142

CVE-2025-0617

CVE-2017-5644

CVE-2021-31842