GHSA-59gp-qqm7-cw4j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-59gp-qqm7-cw4j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-59gp-qqm7-cw4j/GHSA-59gp-qqm7-cw4j.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-59gp-qqm7-cw4j
- Aliases
- Published
- 2022-05-24T19:09:47Z
- Modified
- 2023-11-01T06:19:38.837795Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Nokogiri has vulnerable dependencies on libxml2 and libxslt
- Details
-
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Database specific
{ "severity": "HIGH", "nvd_published_at": "2021-08-03T19:15:00Z", "github_reviewed": true, "cwe_ids": [ "CWE-416" ], "github_reviewed_at": "2023-06-23T21:37:02Z" }- References
-
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
- https://nvd.nist.gov/vuln/detail/CVE-2021-30560
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
- https://crbug.com/1219209
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml
- https://github.com/sparklemotion/nokogiri
- https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2
- https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
- https://security.gentoo.org/glsa/202310-23
- https://www.debian.org/security/2022/dsa-5216
Affected packages
RubyGems / nokogiri
Package
- Name
- nokogiri
- Purl
- pkg:gem/nokogiri
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.13.2
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.2.1
1.4.3
1.4.3.1
1.4.4
1.4.4.1
1.4.4.2
1.4.5
1.4.6
1.4.7
1.5.0.beta.1
1.5.0.beta.2
1.5.0.beta.3
1.5.0.beta.4
1.5.0
1.5.1.rc1
1.5.1
1.5.2
1.5.3.rc2
1.5.3.rc3
1.5.3.rc4
1.5.3.rc5
1.5.3.rc6
1.5.3
1.5.4.rc1
1.5.4.rc2
1.5.4.rc3
1.5.4
1.5.5.rc1
1.5.5.rc2
1.5.5.rc3
1.5.5
1.5.6.rc1
1.5.6.rc2
1.5.6.rc3
1.5.6
1.5.7.rc1
1.5.7.rc2
1.5.7.rc3
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.6.0.rc1
1.6.0
1.6.1
1.6.2.rc1
1.6.2.rc2
1.6.2.rc3
1.6.2
1.6.2.1
1.6.3.rc1
1.6.3.rc2
1.6.3.rc3
1.6.3
1.6.3.1
1.6.4
1.6.4.1
1.6.5
1.6.6.1
1.6.6.2
1.6.6.3
1.6.6.4
1.6.7.rc2
1.6.7.rc3
1.6.7.rc4
1.6.7
1.6.7.1
1.6.7.2
1.6.8.rc1
1.6.8.rc2
1.6.8.rc3
1.6.8
1.6.8.1
1.7.0
1.7.0.1
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.9.0.rc1
1.9.0
1.9.1
1.10.0.rc1
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.10.8
1.10.9
1.10.10
1.11.0.rc1
1.11.0.rc2
1.11.0.rc3
1.11.0.rc4
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.12.0.rc1
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.13.0
1.13.1