rpm package
suse/rubygem-nokogiri&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/rubygem-nokogiri&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-26247 | — | | | < 1.6.1-5.3.1 | 1.6.1-5.3.1 | Dec 30, 2020 | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be acces |
| CVE-2019-5477 | — | | | < 1.6.1-5.3.1 | 1.6.1-5.3.1 | Aug 16, 2019 | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a |