Vulnerability Database
Blog
FAQ
Docs
GHSA-x2fm-93ww-ggvx
Suggest an improvement
Source
https://github.com/advisories/GHSA-x2fm-93ww-ggvx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x2fm-93ww-ggvx/GHSA-x2fm-93ww-ggvx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x2fm-93ww-ggvx
Aliases
CVE-2017-16932
Published
2022-05-13T01:02:39Z
Modified
2024-02-20T05:31:49.445749Z
Severity
7.5 (High)
CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Calculator
Summary
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Details
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-16932
https://github.com/sparklemotion/nokogiri/issues/1714
https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
https://bugzilla.gnome.org/show_bug.cgi?id=759579
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://usn.ubuntu.com/3739-1
http://xmlsoft.org/news.html
Affected packages
RubyGems
/
nokogiri
Package
Name
nokogiri
Purl
pkg:gem/nokogiri
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1.8.1
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.2.1
1.4.3
1.4.3.1
1.4.4
1.4.4.1
1.4.4.2
1.4.5
1.4.6
1.4.7
1.5.0.beta.1
1.5.0.beta.2
1.5.0.beta.3
1.5.0.beta.4
1.5.0
1.5.1.rc1
1.5.1
1.5.2
1.5.3.rc2
1.5.3.rc3
1.5.3.rc4
1.5.3.rc5
1.5.3.rc6
1.5.3
1.5.4.rc1
1.5.4.rc2
1.5.4.rc3
1.5.4
1.5.5.rc1
1.5.5.rc2
1.5.5.rc3
1.5.5
1.5.6.rc1
1.5.6.rc2
1.5.6.rc3
1.5.6
1.5.7.rc1
1.5.7.rc2
1.5.7.rc3
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.6.0.rc1
1.6.0
1.6.1
1.6.2.rc1
1.6.2.rc2
1.6.2.rc3
1.6.2
1.6.2.1
1.6.3.rc1
1.6.3.rc2
1.6.3.rc3
1.6.3
1.6.3.1
1.6.4
1.6.4.1
1.6.5
1.6.6.1
1.6.6.2
1.6.6.3
1.6.6.4
1.6.7.rc2
1.6.7.rc3
1.6.7.rc4
1.6.7
1.6.7.1
1.6.7.2
1.6.8.rc1
1.6.8.rc2
1.6.8.rc3
1.6.8
1.6.8.1
1.7.0
1.7.0.1
1.7.1
1.7.2
1.8.0
GHSA-x2fm-93ww-ggvx - OSV