GHSA-r58r-74gx-6wx3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r58r-74gx-6wx3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r58r-74gx-6wx3/GHSA-r58r-74gx-6wx3.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-r58r-74gx-6wx3
- Aliases
- Published
- 2022-05-14T02:19:17Z
- Modified
- 2023-11-01T05:17:38.856495Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Nokogiri gem, via libxml, is affected by DoS vulnerabilities
- Details
-
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Database specific
{ "severity": "HIGH", "nvd_published_at": "2018-08-28T19:29:00Z", "github_reviewed": true, "cwe_ids": [ "CWE-416" ], "github_reviewed_at": "2023-08-26T00:20:04Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-15412
- https://github.com/sparklemotion/nokogiri/issues/1714
- https://access.redhat.com/errata/RHSA-2017:3401
- https://access.redhat.com/errata/RHSA-2018:0287
- https://bugzilla.gnome.org/show_bug.cgi?id=783160
- https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
- https://crbug.com/727039
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml
- https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
- https://security.gentoo.org/glsa/201801-03
- https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348
- https://www.debian.org/security/2018/dsa-4086
Affected packages
RubyGems / nokogiri
Package
- Name
- nokogiri
- Purl
- pkg:gem/nokogiri
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.2
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.2.1
1.4.3
1.4.3.1
1.4.4
1.4.4.1
1.4.4.2
1.4.5
1.4.6
1.4.7
1.5.0.beta.1
1.5.0.beta.2
1.5.0.beta.3
1.5.0.beta.4
1.5.0
1.5.1.rc1
1.5.1
1.5.2
1.5.3.rc2
1.5.3.rc3
1.5.3.rc4
1.5.3.rc5
1.5.3.rc6
1.5.3
1.5.4.rc1
1.5.4.rc2
1.5.4.rc3
1.5.4
1.5.5.rc1
1.5.5.rc2
1.5.5.rc3
1.5.5
1.5.6.rc1
1.5.6.rc2
1.5.6.rc3
1.5.6
1.5.7.rc1
1.5.7.rc2
1.5.7.rc3
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.6.0.rc1
1.6.0
1.6.1
1.6.2.rc1
1.6.2.rc2
1.6.2.rc3
1.6.2
1.6.2.1
1.6.3.rc1
1.6.3.rc2
1.6.3.rc3
1.6.3
1.6.3.1
1.6.4
1.6.4.1
1.6.5
1.6.6.1
1.6.6.2
1.6.6.3
1.6.6.4
1.6.7.rc2
1.6.7.rc3
1.6.7.rc4
1.6.7
1.6.7.1
1.6.7.2
1.6.8.rc1
1.6.8.rc2
1.6.8.rc3
1.6.8
1.6.8.1
1.7.0
1.7.0.1
1.7.1
1.7.2
1.8.0
1.8.1