Описание
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Issue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
8.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri pri ...
Nokogiri Improperly Handles Unexpected Data Type
Уязвимость программной библиотеки Nokogiri интерпретатора Ruby, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
EPSS
8.2 High
CVSS3
6.4 Medium
CVSS2