Latest Nokogiri Vulnerabilities

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML...
Nokogiri Nokogiri=1.13.8
Nokogiri Nokogiri=1.13.9
### Summary Nokogiri `< v1.13.6` does not type-check all inputs into the XML and HTML4 SAX parsers. For CRuby users, this may allow specially crafted untrusted inputs to cause illegal memory access e...
Nokogiri Nokogiri<1.13.6
Apple macOS>=13.0<13.1
rubygems/nokogiri<1.13.6
## Summary Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. ## Mitigation Upgrade...
redhat/rubygem-nokogiri<0:1.13.8-1.el8
rubygems/nokogiri<1.13.4
Nokogiri Nokogiri<1.13.4
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 5 more
### Severity The Nokogiri maintainers have evaluated this as [**High Severity** 7.5 (CVSS3.0)](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C/MAV...
Nokogiri Nokogiri<1.12.5
### Severity Nokogiri maintainers have evaluated this as [__Low Severity__ (CVSS3 2.6)](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N). ### Description In ...
rubygems/nokogiri<=1.10.10
<1.11.0
=1.11.0-rc1
=1.11.0-rc2
=1.11.0-rc3
=9.0
and 8 more
Nokogiri gem 1.5.x and 1.6.x are vulnerable to DoS while parsing XML entities because limits are not applied
debian/ruby-nokogiri
Nokogiri Nokogiri>=1.5.0<1.5.11
Nokogiri Nokogiri>=1.6.0<1.6.1
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
Nokogiri gem 1.5.x is vulnerable to Denial of Service via an infinite loop when parsing XML documents
debian/ruby-nokogiri
Nokogiri Nokogiri>=1.5.0<1.5.11
Nokogiri Nokogiri>=1.6.0<1.6.1
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 6 more
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented meth...
rubygems/rexical<1.0.7
rubygems/nokogiri<1.10.4
Nokogiri Nokogiri<=1.10.3
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
and 10 more
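The entry above turns on one Ruby detail: `Kernel#open` treats a path that begins with `|` as a command to spawn and read from, so any helper that passes an attacker-controlled string to it becomes a command-injection primitive. The block below is an added example, not Nokogiri's or rexical's code, and the helper names (`load_file_unsafe`, `load_file`) are hypothetical: it shows the vulnerable shape next to the hardened one, which uses `File.open` (never interprets `|`) plus an explicit rejection so the failure is loud rather than silent.

```ruby
require "tempfile"

# VULNERABLE shape: Kernel#open runs "|cmd" in a subprocess and returns its
# stdout. With a caller-controlled path, "|id" executes id. Kept for contrast
# only; nothing in this file calls it.
def load_file_unsafe(path)
  open(path) { |io| io.read }   # Kernel#open, not File.open
end

# HARDENED shape: File.open never spawns a process, and the explicit check
# turns a would-be injection into an ArgumentError the caller can log.
def load_file(path)
  path = path.to_s
  if path.start_with?("|")
    raise ArgumentError, "refusing pipe-style path: #{path.inspect}"
  end
  File.open(path, "r:UTF-8") { |io| io.read }
end

# Shows what File.open does with a pipe-looking name: it is treated as a
# file name, so a missing "|true" yields Errno::ENOENT, not a subprocess.
# Returns :opened or the exception class.
def file_open_behaviour(path)
  File.open(path) { |io| io.read }
  :opened
rescue SystemCallError => e
  e.class
end

# Constructed sample input so the block runs offline: a temp file holding a
# small CSS snippet, read back through the hardened helper.
def demo
  Tempfile.create(["tokens", ".css"]) do |f|
    f.write("a { color: red }")
    f.flush
    load_file(f.path)
  end
end

if $PROGRAM_NAME == __FILE__
  puts demo
  puts file_open_behaviour("|true").inspect
  begin
    load_file("|id")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The same audit applies to any Ruby code that takes a filename from request data, a CSS/XSLT include, or a config value: grep for bare `open(` and `Kernel.open(` and replace them with `File.open` (or `URI.open` only where a URL is genuinely intended and the scheme is allow-listed).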

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203