Sha256: 2e81edebca531985901bd2eb0a754a6cc99978e4cbf43044acd12884fc36e92f

Contents?: true

Size: 748 Bytes

Versions: 3

Compression:

Stored size: 748 Bytes

Contents

---
gem: nokogiri
cve: 2017-15412
url: https://github.com/sparklemotion/nokogiri/issues/1714
title: Nokogiri gem, via libxml, is affected by DoS vulnerabilities
date: 2018-01-29
description: |
  The version of libxml2 packaged with Nokogiri contains a
  vulnerability. Nokogiri has mitigated these issue by upgrading to
  libxml 2.9.6.

  It was discovered that libxml2 incorrecty handled certain files. An attacker
  could use this issue with specially constructed XML data to cause libxml2 to
  consume resources, leading to a denial of service.

patched_versions:
  - ">= 1.8.2"
related:
  cve:
    - 2017-18258
  url:
    - https://usn.ubuntu.com/usn/usn-3513-1/
    - https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/nokogiri/CVE-2017-15412.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/nokogiri/CVE-2017-15412.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/nokogiri/CVE-2017-15412.yml