High severity · NVD Advisory · Published Apr 11, 2022 · Updated Apr 23, 2025
Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork)
CVE-2022-24839
Description
org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.nokogiri:nekohtml (Maven) | < 1.9.22.noko2 | 1.9.22.noko2 |
Affected products
- ghsa-coords (3 versions): < 1.9.22.noko2 + 2 more
  - pkg:maven/org.nokogiri/nekohtml
  - pkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 1.9.22.noko2
- (no CPE) range: < 1.13.9-1.7
- (no CPE) range: < 1.13.4-1.1
- Range: < 1.9.22.noko2
References
- github.com/advisories/GHSA-9849-p7jc-9rmv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-24839 (ghsa, ADVISORY)
- github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d (ghsa, x_refsource_MISC, WEB)
- github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv (ghsa, x_refsource_CONFIRM, WEB)
- www.oracle.com/security-alerts/cpujul2022.html (ghsa, x_refsource_MISC, WEB)