CVE-2022-24836
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-24836
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24836.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-24836
- Aliases
- Downstream
- Related
- Published
- 2022-04-11T00:00:00Z
- Modified
- 2025-10-20T20:03:00.037215Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Inefficient Regular Expression Complexity in Nokogiri
- Details
-
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri
< v1.13.4contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri>= 1.13.4. There are no known workarounds for this issue. - Database specific
{ "cwe_ids": [ "CWE-1333", "CWE-400" ] }- References
-
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
- https://security.gentoo.org/glsa/202208-29
- http://seclists.org/fulldisclosure/2022/Dec/23
- https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
- https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
- https://lists.debian.org/debian-lts-announce/2024/09/msg00010.html
- https://support.apple.com/kb/HT213532
Affected packages
Git / github.com/sparklemotion/nokogiri
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sparklemotion/nokogiri
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.7.0.1-linux-binary1
REL_1.*
REL_1.0.0
REL_1.0.1
REL_1.0.2
REL_1.0.3
REL_1.0.4
REL_1.0.5
REL_1.0.6
REL_1.0.7
REL_1.1.0
REL_1.1.1
REL_1.2.0
REL_1.2.1
REL_1.2.2
REL_1.2.3
REL_1.3.0
REL_1.3.0rc1
REL_1.3.1
REL_1.3.2
REL_1.3.3
REL_1.4.0
REL_1.4.1
REL_1.4.2
REL_1.4.3
REL_1.4.3.1
REL_1.5.0.beta.1
REL_1.5.0.beta.2
v1.*
v1.10.0
v1.10.0.rc1
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.0.rc1
v1.11.0.rc2
v1.11.0.rc3
v1.11.0.rc4
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.12.0.rc1
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.4.4
v1.4.4.1
v1.4.4.2
v1.5.0
v1.5.0.beta.3
v1.5.0.beta.4
v1.5.1
v1.5.1.rc1
v1.5.2
v1.5.3
v1.5.3.rc1
v1.5.3.rc3
v1.5.3.rc4
v1.5.3.rc5
v1.5.3.rc6
v1.5.4
v1.5.4.rc1
v1.5.4.rc2
v1.5.4.rc3
v1.5.5
v1.5.5.rc1
v1.5.5.rc2
v1.5.5.rc3
v1.5.6
v1.5.6.rc1
v1.5.6.rc2
v1.5.7
v1.5.7.rc1
v1.5.7.rc2
v1.5.7.rc3
v1.5.8
v1.5.9
v1.6.0
v1.6.0.rc1
v1.6.2
v1.6.2.1
v1.6.2.beta.1
v1.6.2.rc1
v1.6.2.rc2
v1.6.2.rc3
v1.6.3
v1.6.3.1
v1.6.3.rc1
v1.6.3.rc2
v1.6.3.rc3
v1.6.4
v1.6.5
v1.6.6
v1.6.6.1
v1.6.6.2
v1.6.7.rc1
v1.6.7.rc2
v1.6.7.rc3
v1.6.7.rc4
v1.6.8
v1.6.8.rc1
v1.6.8.rc2
v1.6.8.rc3
v1.7.0
v1.7.0.1
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0
v1.9.0.rc1
v1.9.1