CVE-2022-29181

Published: 19 May 2022
Source: redhat
CVSS3: 8.2
EPSS: Low

Description

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.

A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability.

Report

Red Hat Satellite 6.12 and later versions are not affected by this flaw.

Mitigation

To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling #to_s or equivalent.
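A sketch of both checks a maintainer would apply here, as an added example that is not code from the advisory or from Nokogiri: flag `Gemfile.lock` pins older than 1.13.6, and coerce untrusted input to a `String` before it reaches the SAX parser. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

FIXED_VERSION = Gem::Version.new("1.13.6") # first patched release per the advisory

# Return the nokogiri versions pinned in Gemfile.lock text that predate the fix.
# Resolved specs are indented four spaces; dependency constraints (six spaces,
# e.g. "nokogiri (>= 1.5.9)") are deliberately not matched.
def vulnerable_nokogiri_pins(lockfile_text)
  lockfile_text.scan(/^ {4}nokogiri \((\d[^\s)]*)\)/).flatten.select do |raw|
    # Drop a platform suffix such as "-x86_64-linux" before comparing.
    Gem::Version.new(raw.split("-").first) < FIXED_VERSION
  end
end

# Workaround from the advisory: guarantee the value is a String (via #to_s)
# before it is handed to the SAX parser, e.g. to
# Nokogiri::XML::SAX::Parser#parse_memory at the (hypothetical) call site.
def sax_safe_input(untrusted)
  str = untrusted.is_a?(String) ? untrusted : untrusted.to_s
  raise TypeError, "#to_s did not return a String" unless str.is_a?(String)
  str
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.18.0)
        nokogiri (>= 1.5.9)
      nokogiri (1.13.4-x86_64-linux)
      racc (1.6.0)
LOCK

if __FILE__ == $PROGRAM_NAME
  pins = vulnerable_nokogiri_pins(SAMPLE_LOCK)
  puts pins.empty? ? "nokogiri pin is patched" : "vulnerable pins: #{pins.join(', ')}"
  # Typical non-String values from decoded request data (constructed).
  [12_345, nil, { "xml" => "<a/>" }, "<a/>"].each do |value|
    puts "#{value.class} -> #{sax_safe_input(value).inspect}"
  end
end
```
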

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | rubygem-nokogiri | Will not fix | | |
| Red Hat Satellite 6.12 for RHEL 8 | rubygem-nokogiri | Fixed | RHSA-2022:8506 | 16.11.2022 |
| Red Hat Satellite 6.12 for RHEL 8 | rubygem-nokogiri | Fixed | RHSA-2022:8506 | 16.11.2022 |

Additional information

Status: Important
Defect: CWE-241
https://bugzilla.redhat.com/show_bug.cgi?id=2088684 rubygem-nokogiri: Improper Handling of Unexpected Data Type in Nokogiri

EPSS: 0.05756 (Low), percentile: 90%

CVSS3: 8.2 High

Related vulnerabilities

CVSS3: 8.2
ubuntu
more than 3 years ago

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.

CVSS3: 8.2
nvd
more than 3 years ago

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.

CVSS3: 8.2
debian
more than 3 years ago

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri pri ...

CVSS3: 8.2
github
more than 3 years ago

Nokogiri Improperly Handles Unexpected Data Type

CVSS3: 8.2
fstec
more than 3 years ago

A vulnerability in the Nokogiri software library for the Ruby interpreter that allows an attacker to disclose protected information or cause a denial of service
