Sha256: 32d3d829821e5ca9f71a01297b7b6164810d55941c75c5fe6842f6144d68c890

Contents?: true

Size: 1.06 KB

Versions: 3

Compression:

Stored size: 1.06 KB

Contents

---
gem: nokogiri
cve: 2016-4658
url: https://github.com/sparklemotion/nokogiri/issues/1615
title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
date: 2017-03-11
description: |
  Nokogiri version 1.7.1 has been released, pulling in several upstream
  patches to the vendored libxml2 to address the following CVEs:

  CVE-2016-4658
  CVSS v3 Base Score: 9.8 (Critical)
  libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
  watchOS before 3 allows remote attackers to execute arbitrary code or cause
  a denial of service (memory corruption) via a crafted XML document.

  CVE-2016-5131
  CVSS v3 Base Score: 8.8 (HIGH)
  Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google
  Chrome before 52.0.2743.82, allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via vectors related to
  the XPointer range-to function.

cvss_v2: 10.0
cvss_v3: 9.8

patched_versions:
  - ">= 1.7.1"
related:
  cve:
    - 2016-5131
  url:
    - https://github.com/sparklemotion/nokogiri/issues/1615

Version data entries

3 entries across 3 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml