exploitDog

CVE-2022-24836

Published: 11 Apr 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.

A flaw was found in the nokogiri library when processing an inefficient and complex regular expression. This flaw allows an attacker to cause excessive consumption of resources, which affects performance.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | rubygem-nokogiri | Will not fix | | |
| Red Hat Satellite 6 | tfm-ror51-rubygem-nokogiri | Fix deferred | | |
| Red Hat Satellite 6 | tfm-ror52-rubygem-nokogiri | Fix deferred | | |
| Red Hat Satellite 6.12 for RHEL 8 | rubygem-nokogiri | Fixed | RHSA-2022:8506 | 16.11.2022 |
| Red Hat Satellite 6.12 for RHEL 8 | rubygem-nokogiri | Fixed | RHSA-2022:8506 | 16.11.2022 |

Additional information

Status: Important
Defect: CWE-1333
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2074346 nokogiri: ReDoS in HTML encoding detection

EPSS: 0.01203 (percentile: 78%, Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.

CVSS3: 7.5
nvd
more than 3 years ago

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.

CVSS3: 7.5
debian
more than 3 years ago

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< ...

CVSS3: 7.5
github
more than 3 years ago

Nokogiri Inefficient Regular Expression Complexity

CVSS3: 7.5
fstec
more than 3 years ago

A vulnerability in the Nokogiri software library related to uncontrolled resource consumption, allowing an attacker to cause a denial of service
