Nokogiri 1.13.3 for Ruby

CPE Details

Nokogiri 1.13.3 for Ruby
nokogiri
nokogiri
1.13.3
2022-04-18
15h45 +00:00
2022-05-04
12h45 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:nokogiri:nokogiri:1.13.3:*:*:*:*:ruby:*:*

Informations

Vendor

nokogiri

Product

nokogiri

Version

1.13.3

Target Software

ruby

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29181 2022-05-19 22h00 +00:00 Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
8.2
High
CVE-2022-24836 2022-04-10 22h00 +00:00 Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
7.5
High