Added CVE-2024-41123 and CVE-2024-41946 for the rexml gem (#798)

---------

Co-authored-by: Postmodern <[email protected]>

Author: jasnow

gems/rexml/CVE-2024-41123.yml

@@ -0,0 +1,35 @@
+---
+gem: rexml
+cve: 2024-41123
+url: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
+title: DoS vulnerabilities in REXML
+date: 2024-08-01
+description: |
+  There are some DoS vulnerabilities in REXML gem.
+  These vulnerabilities have been assigned the CVE identifier
+  CVE-2024-41123. We strongly recommend upgrading the REXML gem.
+
+  ## Details
+
+  When parsing an XML document that has many specific characters such
+  as whitespace character, >] and ]>, REXML gem may take long time.
+
+  Please update REXML gem to version 3.3.3 or later.
+
+  ## Affected versions
+
+  * REXML gem 3.3.2 or prior
+
+  ## Credits
+
+  Thanks to mprogrammer and scyoon for discovering these issues.
+
+  ## History
+
+  Originally published at 2024-08-01 03:00:00 (UTC)
+
+patched_versions:
+  - ">= 3.3.3"
+related:
+  url:
+    - https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123

gems/rexml/CVE-2024-41946.yml

@@ -0,0 +1,35 @@
+---
+gem: rexml
+cve: 2024-41946
+url: https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
+title: DoS vulnerabilities in REXML
+date: 2024-08-01
+description: |
+  There is a DoS vulnerability in REXML gem.
+  This vulnerability has been assigned the CVE identifier
+  CVE-2024-41946. We strongly recommend upgrading the REXML gem.
+
+  ## Details
+
+  When parsing an XML that has many entity expansions with SAX2 or
+  pull parser API, REXML gem may take long time.
+
+  Please update REXML gem to version 3.3.3 or later.
+
+  ## Affected versions
+
+  * REXML gem 3.3.2 or prior
+
+  ## Credits
+
+  Thanks to NAITOH Jun for discovering and fixing this issue.
+
+  ## History
+
+  Originally published at 2024-08-01 03:00:00 (UTC)
+
+patched_versions:
+  - ">= 3.3.3"
+related:
+  url:
+    - https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946