GHSA-7hp2-xwpj-95jq

Source
https://github.com/advisories/GHSA-7hp2-xwpj-95jq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7hp2-xwpj-95jq/GHSA-7hp2-xwpj-95jq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7hp2-xwpj-95jq
Aliases
Published
2018-09-17T21:53:42Z
Modified
2023-11-01T04:46:22.191827Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Denial of service or RCE from libxml2 and libxslt
Details

Nokogiri is affected by a series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution.

References

Affected packages

RubyGems / nokogiri

Package

Name
nokogiri
Purl
pkg:gem/nokogiri

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.0
Fixed
1.6.8

Affected versions

1.*

1.6.0
1.6.1
1.6.2.rc1
1.6.2.rc2
1.6.2.rc3
1.6.2
1.6.2.1
1.6.3.rc1
1.6.3.rc2
1.6.3.rc3
1.6.3
1.6.3.1
1.6.4
1.6.4.1
1.6.5
1.6.6.1
1.6.6.2
1.6.6.3
1.6.6.4
1.6.7.rc2
1.6.7.rc3
1.6.7.rc4
1.6.7
1.6.7.1
1.6.7.2
1.6.8.rc1
1.6.8.rc2
1.6.8.rc3