Sha256: 056b38a85884e0fafcc38b4f92f0a2682a1cb1be5336b2a8ff34d450c2fc427e

Contents?: true

Size: 1.19 KB

Versions: 5

Compression:

Stored size: 1.19 KB

Contents

---
gem: nokogiri
cve: 2015-8806
url: https://github.com/sparklemotion/nokogiri/issues/1473
title: Denial of service or RCE from libxml2 and libxslt
date: 2016-06-07
description: |
  Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt,
  which are libraries Nokogiri depends on. It was discovered that libxml2 and
  libxslt incorrectly handled certain malformed documents, which can allow
  malicious users to cause issues ranging from denial of service to remote code
  execution attacks.

  For more information, the Ubuntu Security Notice is a good start: 
  http://www.ubuntu.com/usn/usn-2994-1/

patched_versions:
  - ">= 1.6.8"
unaffected_versions:
  - "< 1.6.0"
related:
  cve:
    - 2016-1762
    - 2016-1833
    - 2016-1834
    - 2016-1835
    - 2016-1836
    - 2016-1837
    - 2016-1838
    - 2016-1839
    - 2016-1840
    - 2016-2073
    - 2016-3627
    - 2016-3705
    - 2016-4447
    - 2016-4449
    - 2016-4483
  url:
    - https://github.com/sparklemotion/nokogiri/issues/1473
    - https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
    - https://mail.gnome.org/archives/xml/2016-May/msg00023.html
    - http://www.ubuntu.com/usn/usn-2994-1/

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/nokogiri/CVE-2015-8806.yml