exploitDog

CVE-2022-23476

Published: 08 Dec 2022
Source: nvd
CVSS3: 7.5
EPSS: Low

Description

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. For applications using XML::Reader to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri >= 1.13.10. Users may be able to search their code for calls to either XML::Reader#attributes or XML::Reader#attribute_hash to determine if they are affected.
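The check the description suggests, as an added example that is not part of the original advisory or the Nokogiri project: it looks for the two affected versions in `Gemfile.lock` text and lists candidate call sites of the two named methods. The function names and the sample inputs are constructed for illustration.

```ruby
# Added example: triage for CVE-2022-23476; not Nokogiri project code.
AFFECTED = %w[1.13.8 1.13.9].freeze          # versions named in the advisory
CALL = /\.(attributes|attribute_hash)\b/     # methods named in the advisory

# Affected Nokogiri versions pinned in Gemfile.lock text. Spec lines are
# indented four spaces: "nokogiri (1.13.9)" or, for precompiled native gems,
# "nokogiri (1.13.9-x86_64-linux)".
def affected_nokogiri_versions(lockfile_text)
  lockfile_text.scan(/^ {4}nokogiri \((\d+(?:\.\d+)*)(?:-[^)]+)?\)\r?$/)
               .flatten.uniq.select { |v| AFFECTED.include?(v) }
end

# [line_number, method] pairs for candidate call sites. Receivers are not
# resolved, so each hit needs review (.attributes is a common method name).
def reader_attribute_calls(source)
  source.each_line.with_index(1).flat_map do |line, n|
    next [] if line.lstrip.start_with?("#")   # skip whole-line comments
    line.scan(CALL).flatten.map { |m| [n, m] }
  end
end

# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.13.9-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)
LOCK

SAMPLE_SRC = <<~'RUBY'
  reader = Nokogiri::XML::Reader(io)
  reader.each do |node|
    # node.attributes in a comment is ignored
    ids << node.attribute_hash["id"]
    puts node.attributes.inspect
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  hits = affected_nokogiri_versions(SAMPLE_LOCK)
  puts "affected nokogiri pinned: #{hits.join(', ')} (upgrade to >= 1.13.10)" unless hits.empty?
  reader_attribute_calls(SAMPLE_SRC).each { |n, m| puts "line #{n}: .#{m}" }
end
```

A hit from the lockfile check together with a call site on an `XML::Reader` node that handles untrusted input is the combination the advisory describes.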

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:nokogiri:nokogiri:1.13.8:*:*:*:*:ruby:*:*
cpe:2.3:a:nokogiri:nokogiri:1.13.9:*:*:*:*:ruby:*:*

EPSS

Percentile: 41%
0.00185
Low

7.5 High

CVSS3

Weaknesses

CWE-252

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.

CVSS3: 7.5
redhat
more than 2 years ago

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.

CVSS3: 7.5
debian
more than 2 years ago

Nokogiri is an open source XML and HTML library for the Ruby programmi ...

CVSS3: 7.5
github
more than 2 years ago

Unchecked return value from xmlTextReaderExpand

CVSS3: 7.5
redos
more than 1 year ago

Multiple vulnerabilities in Puppet
