Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-24839

Опубликовано: 11 апр. 2022
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:nekohtml_project:nekohtml:*:*:*:*:*:nokogiri:*:*
Версия до 1.9.22.noko2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 63%
0.00454
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

ubuntu логотип

CVE-2022-24839

CVSS3: 7.5
ubuntu
почти 4 года назад

org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.

redhat логотип

CVE-2022-24839

CVSS3: 7.5
redhat
почти 4 года назад

org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.

debian логотип

CVE-2022-24839

CVSS3: 7.5
debian
почти 4 года назад

org.cyberneko.html is an html parser written in Java. The fork of `org ...

github логотип

GHSA-9849-p7jc-9rmv

CVSS3: 7.5
github
больше 2 лет назад

org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption

fstec логотип

BDU:2024-01887

CVSS3: 7.5
fstec
почти 4 года назад

Уязвимость анализатора html-кода NekoHTML программной библиотеки Nokogiri, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 63%
0.00454
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400