You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 35176
About this tag
CVE-2024-35176 is a vulnerability in the REXML library that affects Microsoft products. Microsoft has publicly attested that Azure Linux includes the REXML library, confirming its presence in that product. However, this attestation does not prove the absence of the vulnerable component in other Microsoft products. Users should treat the Azure Linux VEX/CSAF statement as a confirmed signal for that product, but consider all other Microsoft software as unverified until an official attestation or patch is published. The discussion emphasizes the importance of inspecting your Microsoft estate for this CVE rather than relying solely on Azure Linux attestations.
Microsoft’s public attestation that Azure Linux includes the REXML library is accurate and authoritative for that product, but it is not proof that no other Microsoft product contains the vulnerable open‑source component; absence of attestations is not proof of absence. Treat the Azure Linux...