org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html
used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError
exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2.

Note: The upstream library org.cyberneko.html is no longer maintained. Nokogiri uses its own fork of this library, located at https://github.com/sparklemotion/nekohtml, and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.