A vulnerability was found in Nokogiri up to 1.12.4 on Ruby (Ruby Gem). It has been rated as critical. This issue affects the function Nokogiri::XML::SAX::Parse/Nokogiri::HTML4::SAX::Parser/its alias Nokogiri::HTML::SAX::Parser/Nokogiri::XML::SAX::PushParser/Nokogiri::HTML4::SAX::PushParser/Nokogiri::HTML::SAX::PushParser of the component SAX Parser. Upgrading to version 1.12.5 eliminates this vulnerability. Applying the patch 5bf729ff3cc84709ee3c3248c981584088bf9f6d is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Nokogiri up to 1.12.4 on Ruby SAX Parser PushParser xml external entity reference
- Virtual Patching
- September 28, 2021
- 7:05 am
- Virtual Patching
- September 28, 2021
- 7:05 am
Common Vulnerabilityies and Exposures
Contact us to get started
CVE-2024-52759 : D-LINK DI-8003 16.07.26A1 IP_POSITION_ASP IP BUFFER OVERFLOW
Description D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. References
CVE-2024-51503 : TREND MICRO DEEP SECURITY UP TO 20.0 OS COMMAND INJECTION
Description A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an
CVE-2024-52360 : IBM CONCERT SOFTWARE 1.0.0/1.0.1/1.0.2/1.0.2.1 SQL INJECTION
Description IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially