CVE-2019-5477

Опубликовано: 16 авг. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

Ссылки

https://github.com/sparklemotion/nokogiri/issues/1915
Patch
Third Party Advisory
https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
Release Notes
https://hackerone.com/reports/650835
Permissions Required
https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202006-05
Third Party Advisory
https://usn.ubuntu.com/4175-1/
Third Party Advisory
https://github.com/sparklemotion/nokogiri/issues/1915
Patch
Third Party Advisory
https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
Release Notes
https://hackerone.com/reports/650835
Permissions Required
https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/202006-05
Third Party Advisory
https://usn.ubuntu.com/4175-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*

Версия до 1.10.3 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05874

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-5477

CVSS3: 9.8

ubuntu

больше 6 лет назад

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

CVE-2019-5477

CVSS3: 9.8

debian

больше 6 лет назад

A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...

GHSA-cr5j-953j-xw5p

CVSS3: 9.8

github

больше 6 лет назад

Nokogiri Command Injection Vulnerability

BDU:2020-01362

CVSS3: 9.8

fstec

больше 6 лет назад

Уязвимость программной библиотеки Nokogiri, связанная с непринятием мер по чистке данных на управляющем уровне, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

openSUSE-SU-2021:0237-1

suse-cvrf

около 5 лет назад

Security update for rubygem-nokogiri

EPSS

Процентиль: 90%

0.05874

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78