CVE-2012-6685

Опубликовано: 06 июн. 2012

Источник: redhat

CVSS2: 5

EPSS Низкий

Описание

Nokogiri before 1.5.4 is vulnerable to XXE attacks

Отчет

This issue affects the versions of ruby193-rubygem-nokogiri as shipped with Red Hat Satellite 6 and Red Hat OpenStack 6. Red Hat Product Security has rated this issue as having moderate security impact. A future update may address this issue. Red Hat Product Security has rated this issue as having no security impact for rubygem-nokogiri as shipped with: Red Hat Enterprise MRG 2.5, Red Hat Subscription Asset Manager 1.3, Red Hat CloudForms Management Engine 5.3.0, Red Hat OpenShift Enterprise 2.2.0; for ruby193-rubygem-nokogiri as shipped with Red Hat Satellite 6, Red Hat Subscription Asset Manager 1.3, Red Hat CloudForms Management Engine 5.3.0, Red Hat OpenStack 4.0, Red Hat OpenStack Foreman, Red Hat OpenStack 6, Red Hat OpenShift Enterprise 2.2.0; and for mingw-rubygem-nokogiri as shipped with Red Hat CloudForms Management Engine 5.3.0. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
OpenStack Foreman	ruby193-rubygem-nokogiri	Will not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer	ruby193-rubygem-nokogiri	Fix deferred
Red Hat Enterprise MRG 2	rubygem-nokogiri	Will not fix
Red Hat OpenShift Enterprise 2	ruby193-rubygem-nokogiri	Will not fix
Red Hat OpenShift Enterprise 2	rubygem-nokogiri	Will not fix
Red Hat OpenStack Platform 4	ruby193-rubygem-nokogiri	Will not fix
Red Hat Satellite 6	ruby193-rubygem-nokogiri	Will not fix
Red Hat Subscription Asset Manager	ruby193-rubygem-nokogiri	Will not fix
Red Hat Subscription Asset Manager	rubygem-nokogiri	Will not fix
CloudForms Management Engine 5.10	ansible-runner	Fixed	RHSA-2019:0212	07.02.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-611

https://bugzilla.redhat.com/show_bug.cgi?id=1178970rubygem-nokogiri: XML eXternal Entity (XXE) flaw

EPSS

Процентиль: 55%

0.00323

Низкий

5 Medium

CVSS2

Связанные уязвимости

CVE-2012-6685

CVSS3: 7.5

ubuntu

почти 6 лет назад

Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2012-6685

CVSS3: 7.5

nvd

почти 6 лет назад

Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2012-6685

CVSS3: 7.5

debian

почти 6 лет назад

Nokogiri before 1.5.4 is vulnerable to XXE attacks

GHSA-6wj9-77wq-jq7p

CVSS3: 7.5

github

почти 4 года назад

Nokogiri is vulnerable to XML External Entity (XXE) attack

EPSS

Процентиль: 55%

0.00323

Низкий

5 Medium

CVSS2