exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 7

CVE-2019-5477

больше 6 лет назад

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

CVSS3: 9.8

EPSS: Низкий

CVE-2019-5477

больше 6 лет назад

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

CVSS3: 9.8

EPSS: Низкий

CVE-2019-5477

больше 6 лет назад

A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...

CVSS3: 9.8

EPSS: Низкий

GHSA-cr5j-953j-xw5p

больше 6 лет назад

Nokogiri Command Injection Vulnerability

CVSS3: 9.8

EPSS: Низкий

BDU:2020-01362

больше 6 лет назад

Уязвимость программной библиотеки Nokogiri, связанная с непринятием мер по чистке данных на управляющем уровне, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

CVSS3: 9.8

EPSS: Низкий

openSUSE-SU-2021:0237-1

около 5 лет назад

Security update for rubygem-nokogiri

EPSS: Низкий

SUSE-SU-2021:0251-1

около 5 лет назад

Security update for rubygem-nokogiri

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2019-5477 A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.	CVSS3: 9.8	6% Низкий	больше 6 лет назад
CVE-2019-5477 A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.	CVSS3: 9.8	6% Низкий	больше 6 лет назад
CVE-2019-5477 A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...	CVSS3: 9.8	6% Низкий	больше 6 лет назад
GHSA-cr5j-953j-xw5p Nokogiri Command Injection Vulnerability	CVSS3: 9.8	6% Низкий	больше 6 лет назад
BDU:2020-01362 Уязвимость программной библиотеки Nokogiri, связанная с непринятием мер по чистке данных на управляющем уровне, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации	CVSS3: 9.8	6% Низкий	больше 6 лет назад
openSUSE-SU-2021:0237-1 Security update for rubygem-nokogiri			около 5 лет назад
SUSE-SU-2021:0251-1 Security update for rubygem-nokogiri			около 5 лет назад

Уязвимостей на страницу