VYPR

rpm package

suse/rubygem-nokogiri&distro=SUSE Linux Enterprise High Availability Extension 15

pkg:rpm/suse/rubygem-nokogiri&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015

Vulnerabilities (4)

  • CVE-2022-29181 (May 20, 2022)
    affected < 1.8.5-150000.3.9.1; fixed 1.8.5-150000.3.9.1

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memor

  • CVE-2022-24836 (Apr 11, 2022)
    affected < 1.8.5-150000.3.9.1; fixed 1.8.5-150000.3.9.1

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. Ther

  • CVE-2020-26247 (Dec 30, 2020)
    affected < 1.8.5-3.6.1; fixed 1.8.5-3.6.1

    Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be acces

  • CVE-2019-5477 (Aug 16, 2019)
    affected < 1.8.5-3.6.1; fixed 1.8.5-3.6.1

    A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a