GHSA-7553-jr98-vx47

Опубликовано: 24 фев. 2020

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.

Ссылки

Пакеты

Наименование

nokogiri

rubygems

Затронутые версииВерсия исправления

< 1.10.8

1.10.8

EPSS

Процентиль: 64%

0.00466

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-7595

Дефекты

CWE-835

Связанные уязвимости

CVE-2020-7595

CVSS3: 7.5

ubuntu

около 6 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595

CVSS3: 7.5

redhat

около 6 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595

CVSS3: 7.5

nvd

около 6 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595

CVSS3: 7.5

msrc

больше 5 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595

CVSS3: 7.5

debian

около 6 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...

EPSS

Процентиль: 64%

0.00466

Низкий

7.5 High

CVSS3

CVE ID

CVE-2020-7595

Дефекты

CWE-835