GHSA-r58r-74gx-6wx3

Source

https://github.com/advisories/GHSA-r58r-74gx-6wx3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r58r-74gx-6wx3/GHSA-r58r-74gx-6wx3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r58r-74gx-6wx3

Aliases

CVE-2017-15412

Published

2022-05-14T02:19:17Z

Modified

2024-02-16T08:12:36.174328Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

Details

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

Affected packages

RubyGems / nokogiri

Package

Name: nokogiri
Purl: pkg:gem/nokogiri

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.2

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1.0

1.1.1

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.4.0

1.4.1

1.4.2

1.4.2.1

1.4.3

1.4.3.1

1.4.4

1.4.4.1

1.4.4.2

1.4.5

1.4.6

1.4.7

1.5.0.beta.1

1.5.0.beta.2

1.5.0.beta.3

1.5.0.beta.4

1.5.0

1.5.1.rc1

1.5.1

1.5.2

1.5.3.rc2

1.5.3.rc3

1.5.3.rc4

1.5.3.rc5

1.5.3.rc6

1.5.3

1.5.4.rc1

1.5.4.rc2

1.5.4.rc3

1.5.4

1.5.5.rc1

1.5.5.rc2

1.5.5.rc3

1.5.5

1.5.6.rc1

1.5.6.rc2

1.5.6.rc3

1.5.6

1.5.7.rc1

1.5.7.rc2

1.5.7.rc3

1.5.7

1.5.8

1.5.9

1.5.10

1.5.11

1.6.0.rc1

1.6.0

1.6.1

1.6.2.rc1

1.6.2.rc2

1.6.2.rc3

1.6.2

1.6.2.1

1.6.3.rc1

1.6.3.rc2

1.6.3.rc3

1.6.3

1.6.3.1

1.6.4

1.6.4.1

1.6.5

1.6.6.1

1.6.6.2

1.6.6.3

1.6.6.4

1.6.7.rc2

1.6.7.rc3

1.6.7.rc4

1.6.7

1.6.7.1

1.6.7.2

1.6.8.rc1

1.6.8.rc2

1.6.8.rc3

1.6.8

1.6.8.1

1.7.0

1.7.0.1

1.7.1

1.7.2

1.8.0

1.8.1