First published: Tue Nov 05 2019(Updated: )
It was discovered that Nokogiri incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/ruby-nokogiri | <1.10.3+dfsg1-2ubuntu0.1 | 1.10.3+dfsg1-2ubuntu0.1 |
Ubuntu Ubuntu | =19.10 | |
All of | ||
ubuntu/ruby-nokogiri | <1.10.0+dfsg1-2ubuntu0.1 | 1.10.0+dfsg1-2ubuntu0.1 |
Ubuntu Ubuntu | =19.04 | |
All of | ||
ubuntu/ruby-nokogiri | <1.8.2-1ubuntu0.1 | 1.8.2-1ubuntu0.1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/ruby-nokogiri | <1.6.7.2-3ubuntu0.1 | 1.6.7.2-3ubuntu0.1 |
Ubuntu Ubuntu | =16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Nokogiri vulnerability is CVE-2019-5477.
The severity of the Nokogiri vulnerability is not specified in the provided information.
A remote attacker can exploit the Nokogiri vulnerability by using it to execute arbitrary OS commands.
The versions of Ruby Nokogiri affected by this vulnerability are 1.10.3+dfsg1-2ubuntu0.1, 1.10.0+dfsg1-2ubuntu0.1, 1.8.2-1ubuntu0.1, and 1.6.7.2-3ubuntu0.1.
To fix the Nokogiri vulnerability, update the package 'ruby-nokogiri' to the specified remedial versions provided in the references.