MGASA-2022-0200

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0200.html

Import Source

https://advisories.mageia.org/MGASA-2022-0200.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2022-0200

Related

CVE-2022-29181

Published

2022-05-22T11:26:36Z

Modified

2022-05-22T10:43:19Z

Summary

Updated ruby-nokogiri packages fix security vulnerability

Details

Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a 'String' by calling '#to_s' or equivalent.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / ruby-nokogiri

Package

Name: ruby-nokogiri
Purl: pkg:rpm/mageia/ruby-nokogiri?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.7-1.1.mga8

Ecosystem specific

{
    "section": "core"
}