GHSA-q7wx-62r7-j2x7

Suggest an improvement
Source
https://github.com/advisories/GHSA-q7wx-62r7-j2x7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-q7wx-62r7-j2x7/GHSA-q7wx-62r7-j2x7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q7wx-62r7-j2x7
Aliases
Published
2018-08-08T22:31:12Z
Modified
2023-11-01T05:18:03.392470Z
Summary
Nokogiri vulnerable to libxml XML Entity Expansion
Details

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

References

Affected packages

RubyGems / nokogiri

Package

Name
nokogiri
Purl
pkg:gem/nokogiri

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.6.0
Fixed
1.6.6.4

Affected versions

1.*

1.6.6.1
1.6.6.2
1.6.6.3

Database specific

{
    "last_known_affected_version_range": "<= 1.6.6.3"
}