CVE-2019-5477
Description
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.10.4 | 1.10.4 |
rexicalRubyGems | < 1.0.7 | 1.0.7 |
Affected products
183- Range: 1.7.0.1-linux-binary1, REL_1.0.0, REL_1.0.1, …
- ghsa-coords182 versionspkg:gem/nokogiripkg:gem/rexicalpkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ardana-ansible&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-horizon&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-input-model&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-input-model&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-manila&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-manila&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-octavia&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-octavia&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-tempest&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-tempest&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/crowbar-core&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/crowbar-ha&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/crowbar-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/galera-3&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/galera-3&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/galera-3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grafana&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/mariadb-connector-c&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/mariadb&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/novnc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/novnc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/novnc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/novnc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-cinder-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-glance-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-heat-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-horizon-plugin-neutron-vpnaas-ui&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-horizon-plugin-neutron-vpnaas-ui&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-horizon-plugin-neutron-vpnaas-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-keystone-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-monasca-installer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron-gbp&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron-lbaas&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-nova-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-tempest&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-amqp&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-amqp&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-amqp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-ovs&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-ovs&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-pysaml2&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-python-engineio&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-python-engineio&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-urllib3&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/release-notes-hpe-helion-openstack&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-chef&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/rubygem-chef&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-easy_diff&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/rubygem-easy_diff&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-easy_diff&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-nokogiri&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/rubygem-nokogiri&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1pkg:rpm/suse/rubygem-nokogiri&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2pkg:rpm/suse/rubygem-nokogiri&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-nokogiri&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-nokogiri&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/sleshammer&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/sleshammer&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208
< 1.10.4+ 181 more
- (no CPE)range: < 1.10.4
- (no CPE)range: < 1.0.7
- (no CPE)range: < 1.13.9-1.7
- (no CPE)range: < 1.8.5-lp152.4.3.1
- (no CPE)range: < 1.13.3-1.1
- (no CPE)range: < 8.0+git.1566374355.c509923-3.67.3
- (no CPE)range: < 8.0+git.1566374355.c509923-3.67.3
- (no CPE)range: < 8.0+git.1566376789.be0fe01-3.17.3
- (no CPE)range: < 8.0+git.1566376789.be0fe01-3.17.3
- (no CPE)range: < 8.0+git.1565816064.5d4f73f-3.18.3
- (no CPE)range: < 8.0+git.1565816064.5d4f73f-3.18.3
- (no CPE)range: < 8.0+git.1566517401.98450e6-3.33.3
- (no CPE)range: < 8.0+git.1566517401.98450e6-3.33.3
- (no CPE)range: < 8.0+git.1568835837.2452e7a-1.21.3
- (no CPE)range: < 8.0+git.1568835837.2452e7a-1.21.3
- (no CPE)range: < 8.0+git.1568220097.74ee4b4-3.33.3
- (no CPE)range: < 8.0+git.1568220097.74ee4b4-3.33.3
- (no CPE)range: < 8.0+git.1566902754.c58ff69-3.35.3
- (no CPE)range: < 8.0+git.1566902754.c58ff69-3.35.3
- (no CPE)range: < 8.0+git.1568373448.bcaee7e-3.20.3
- (no CPE)range: < 8.0+git.1568373448.bcaee7e-3.20.3
- (no CPE)range: < 8.0+git.1566471887.fd2fec7-3.27.3
- (no CPE)range: < 8.0+git.1566471887.fd2fec7-3.27.3
- (no CPE)range: < 4.0+git.1570463621.40b11cd48-9.54.1
- (no CPE)range: < 4.0+git.1570463621.40b11cd48-9.54.1
- (no CPE)range: < 5.0+git.1569597589.1f025c557-3.32.2
- (no CPE)range: < 5.0+git.1567673535.607aada-3.26.2
- (no CPE)range: < 4.0+git.1569429513.e7016b2b6-9.59.1
- (no CPE)range: < 5.0+git.1570141351.058c8bd44-4.31.2
- (no CPE)range: < 1.2.0+git.1568396400.0344a727-3.12.3
- (no CPE)range: < 25.3.25-4.6.3
- (no CPE)range: < 25.3.25-4.6.3
- (no CPE)range: < 25.3.25-4.6.3
- (no CPE)range: < 4.6.5-4.6.3
- (no CPE)range: < 4.6.5-1.11.2
- (no CPE)range: < 4.6.5-4.6.3
- (no CPE)range: < 4.6.5-4.6.3
- (no CPE)range: < 3.1.2-3.12.3
- (no CPE)range: < 3.1.2-3.12.3
- (no CPE)range: < 3.1.2-3.12.3
- (no CPE)range: < 10.2.25-4.14.2
- (no CPE)range: < 10.2.25-4.14.2
- (no CPE)range: < 10.2.25-4.14.2
- (no CPE)range: < 1.0.0-3.6.3
- (no CPE)range: < 1.0.0-12.1
- (no CPE)range: < 1.0.0-3.6.3
- (no CPE)range: < 1.0.0-3.6.3
- (no CPE)range: < 11.2.3~dev16-3.21.4
- (no CPE)range: < 11.2.3~dev16-3.21.4
- (no CPE)range: < 11.2.3~dev16-3.21.4
- (no CPE)range: < 11.2.3~dev16-3.21.3
- (no CPE)range: < 11.2.3~dev16-3.21.3
- (no CPE)range: < 11.2.3~dev16-3.21.3
- (no CPE)range: < 15.0.3~dev3-3.12.4
- (no CPE)range: < 15.0.3~dev3-3.12.4
- (no CPE)range: < 15.0.3~dev3-3.12.4
- (no CPE)range: < 15.0.3~dev3-3.12.3
- (no CPE)range: < 15.0.3~dev3-3.12.3
- (no CPE)range: < 15.0.3~dev3-3.12.3
- (no CPE)range: < 9.0.8~dev13-3.24.4
- (no CPE)range: < 9.0.8~dev13-3.24.4
- (no CPE)range: < 9.0.8~dev13-3.24.4
- (no CPE)range: < 9.0.8~dev13-3.24.3
- (no CPE)range: < 9.0.8~dev13-3.24.3
- (no CPE)range: < 9.0.8~dev13-3.24.3
- (no CPE)range: < 1.0.1~dev3-3.6.4
- (no CPE)range: < 1.0.1~dev3-3.6.4
- (no CPE)range: < 1.0.1~dev3-3.6.4
- (no CPE)range: < 12.0.4~dev4-5.27.4
- (no CPE)range: < 10.0.3~dev9-7.18.2
- (no CPE)range: < 12.0.4~dev4-5.27.4
- (no CPE)range: < 12.0.4~dev4-5.27.4
- (no CPE)range: < 12.0.4~dev4-5.27.3
- (no CPE)range: < 10.0.3~dev9-7.18.2
- (no CPE)range: < 12.0.4~dev4-5.27.3
- (no CPE)range: < 12.0.4~dev4-5.27.3
- (no CPE)range: < 20190923_16.32-3.9.3
- (no CPE)range: < 20190923_16.32-3.9.3
- (no CPE)range: < 20190923_16.32-3.9.3
- (no CPE)range: < 11.0.9~dev51-3.24.5
- (no CPE)range: < 9.4.2~dev21-7.32.1
- (no CPE)range: < 11.0.9~dev51-3.24.5
- (no CPE)range: < 11.0.9~dev51-3.24.5
- (no CPE)range: < 11.0.9~dev51-3.24.4
- (no CPE)range: < 9.4.2~dev21-7.32.1
- (no CPE)range: < 11.0.9~dev51-3.24.4
- (no CPE)range: < 11.0.9~dev51-3.24.4
- (no CPE)range: < 7.3.1~dev56-3.9.4
- (no CPE)range: < 7.3.1~dev56-3.9.4
- (no CPE)range: < 7.3.1~dev56-3.9.4
- (no CPE)range: < 11.0.4~dev6-3.15.4
- (no CPE)range: < 9.2.2~dev11-4.18.3
- (no CPE)range: < 11.0.4~dev6-3.15.4
- (no CPE)range: < 11.0.4~dev6-3.15.4
- (no CPE)range: < 11.0.4~dev6-3.15.4
- (no CPE)range: < 9.2.2~dev11-4.18.3
- (no CPE)range: < 11.0.4~dev6-3.15.4
- (no CPE)range: < 11.0.4~dev6-3.15.4
- (no CPE)range: < 16.1.9~dev7-3.29.3
- (no CPE)range: < 14.0.11~dev13-4.34.3
- (no CPE)range: < 16.1.9~dev7-3.29.3
- (no CPE)range: < 16.1.9~dev7-3.29.3
- (no CPE)range: < 16.1.9~dev7-3.29.3
- (no CPE)range: < 14.0.11~dev13-4.34.2
- (no CPE)range: < 16.1.9~dev7-3.29.3
- (no CPE)range: < 16.1.9~dev7-3.29.3
- (no CPE)range: < 12.2.1~a0~dev177-4.6.3
- (no CPE)range: < 2.2.2-3.6.3
- (no CPE)range: < 2.2.2-3.6.3
- (no CPE)range: < 2.2.2-3.6.3
- (no CPE)range: < 2.7.2-3.6.1
- (no CPE)range: < 2.7.2-3.6.1
- (no CPE)range: < 4.0.2-5.3.3
- (no CPE)range: < 4.0.2-3.11.3
- (no CPE)range: < 4.0.2-5.3.3
- (no CPE)range: < 4.0.2-5.3.3
- (no CPE)range: < 2.0.2-3.3.3
- (no CPE)range: < 2.0.2-3.3.3
- (no CPE)range: < 1.22-5.9.3
- (no CPE)range: < 1.16-3.9.2
- (no CPE)range: < 1.22-5.9.3
- (no CPE)range: < 1.22-5.9.3
- (no CPE)range: < 8.20190911-3.20.3
- (no CPE)range: < 8.20190911-3.20.3
- (no CPE)range: < 8.20190911-3.20.3
- (no CPE)range: < 10.32.2-5.12.1
- (no CPE)range: < 10.32.2-5.12.1
- (no CPE)range: < 1.0.0-3.3.1
- (no CPE)range: < 1.0.0-3.3.1
- (no CPE)range: < 1.0.0-3.4.2
- (no CPE)range: < 1.8.5-3.6.1
- (no CPE)range: < 1.8.5-3.6.1
- (no CPE)range: < 1.8.5-3.6.1
- (no CPE)range: < 1.6.1-5.3.1
- (no CPE)range: < 1.6.1-5.3.1
- (no CPE)range: < 1.6.1-5.3.1
- (no CPE)range: < 0.7.0-0.18.12.3
- (no CPE)range: < 0.7.0-0.18.12.3
- (no CPE)range: < 5.1.1~dev7-12.20.2
- (no CPE)range: < 5.1.1~dev7-12.20.2
- (no CPE)range: < 5.0.2~dev3-12.21.2
- (no CPE)range: < 5.0.2~dev3-12.21.2
- (no CPE)range: < 9.0.8~dev7-12.18.2
- (no CPE)range: < 9.0.8~dev7-12.18.2
- (no CPE)range: < 11.2.3~dev16-14.21.2
- (no CPE)range: < 11.2.3~dev16-14.21.2
- (no CPE)range: < 5.0.3~dev7-12.19.2
- (no CPE)range: < 5.0.3~dev7-12.19.2
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.16.2
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.16.2
- (no CPE)range: < 15.0.3~dev3-12.19.2
- (no CPE)range: < 15.0.3~dev3-12.19.2
- (no CPE)range: < 9.0.8~dev13-12.21.2
- (no CPE)range: < 9.0.8~dev13-12.21.2
- (no CPE)range: < 12.0.4~dev6-14.26.2
- (no CPE)range: < 12.0.4~dev6-14.26.2
- (no CPE)range: < 9.1.8~dev7-12.21.2
- (no CPE)range: < 9.1.8~dev7-12.21.2
- (no CPE)range: < 12.0.4~dev4-11.22.3
- (no CPE)range: < 12.0.4~dev4-11.22.3
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.20.2
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.20.2
- (no CPE)range: < 5.1.1~dev2-12.23.2
- (no CPE)range: < 5.1.1~dev2-12.23.2
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.16.2
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.16.2
- (no CPE)range: < 2.2.2~dev1-11.18.2
- (no CPE)range: < 2.2.2~dev1-11.18.2
- (no CPE)range: < 4.0.2~dev2-12.16.2
- (no CPE)range: < 4.0.2~dev2-12.16.2
- (no CPE)range: < 11.0.9~dev51-13.24.3
- (no CPE)range: < 11.0.9~dev51-13.24.3
- (no CPE)range: < 16.1.9~dev7-11.22.3
- (no CPE)range: < 16.1.9~dev7-11.22.3
- (no CPE)range: < 1.0.6~dev2-12.21.2
- (no CPE)range: < 1.0.6~dev2-12.21.2
- (no CPE)range: < 7.0.4~dev1-11.20.2
- (no CPE)range: < 7.0.4~dev1-11.20.2
- (no CPE)range: < 2.15.2-11.13.3
- (no CPE)range: < 2.15.2-11.13.3
- (no CPE)range: < 8.0.1~dev13-11.20.2
- (no CPE)range: < 8.0.1~dev13-11.20.2
Patches
Vulnerability mechanics
References
15- github.com/sparklemotion/nokogiri/issues/1915nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-cr5j-953j-xw5pghsaADVISORY
- lists.debian.org/debian-lts-announce/2019/09/msg00027.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2022/10/msg00018.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2022/10/msg00019.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2019-5477ghsaADVISORY
- security.gentoo.org/glsa/202006-05nvdThird Party AdvisoryWEB
- usn.ubuntu.com/4175-1/nvdThird Party Advisory
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.ymlghsaWEB
- github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dcghsaWEB
- github.com/tenderlove/rexical/blob/master/CHANGELOG.rdocnvdRelease NotesWEB
- github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926ghsaWEB
- hackerone.com/reports/650835nvdPermissions RequiredWEB
- usn.ubuntu.com/4175-1ghsaWEB
News mentions
0No linked articles in our index yet.