exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2022-23476

больше 2 лет назад

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.

CVSS3: 7.5

EPSS: Низкий

CVE-2022-23476

больше 2 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2022-23476

больше 2 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2022-23476

больше 2 лет назад

Nokogiri is an open source XML and HTML library for the Ruby programmi ...

CVSS3: 7.5

EPSS: Низкий

GHSA-qv4q-mr5r-qprj

больше 2 лет назад

Unchecked return value from xmlTextReaderExpand

CVSS3: 7.5

EPSS: Низкий

ROS-20230929-01

больше 1 года назад

Множественные уязвимости Puppet

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-23476 Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.	CVSS3: 7.5	0% Низкий	больше 2 лет назад
CVE-2022-23476 Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.	CVSS3: 7.5	0% Низкий	больше 2 лет назад
CVE-2022-23476 Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.	CVSS3: 7.5	0% Низкий	больше 2 лет назад
CVE-2022-23476 Nokogiri is an open source XML and HTML library for the Ruby programmi ...	CVSS3: 7.5	0% Низкий	больше 2 лет назад
GHSA-qv4q-mr5r-qprj Unchecked return value from xmlTextReaderExpand	CVSS3: 7.5	0% Низкий	больше 2 лет назад
ROS-20230929-01 Множественные уязвимости Puppet	CVSS3: 7.5		больше 1 года назад

Уязвимостей на страницу