Sha256: 710fa623f0252764b7afb96a9432b3f5b6c027aaedd7e6617876ec9d69a7ffa8

Contents?: true

Size: 1.04 KB

Versions: 2

Stored size: 1.04 KB

Contents

---
gem: nokogiri
cve: 2016-4658
url: https://github.com/sparklemotion/nokogiri/issues/1615
title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
date: 2017-03-11
description: |
  Nokogiri version 1.7.1 has been released, pulling in several upstream
  patches to the vendored libxml2 to address the following CVEs:

  CVE-2016-4658
  CVSS v3 Base Score: 9.8 (Critical)
  libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
  watchOS before 3 allows remote attackers to execute arbitrary code or cause
  a denial of service (memory corruption) via a crafted XML document.

  CVE-2016-5131
  CVSS v3 Base Score: 8.8 (HIGH)
  Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google
  Chrome before 52.0.2743.82, allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via vectors related to
  the XPointer range-to function.

cvss_v3: 9.8

patched_versions:
  - ">= 1.7.1"
related:
  cve:
    - 2016-5131
  url:
    - https://github.com/sparklemotion/nokogiri/issues/1615

Version data entries

2 entries across 2 versions & 1 rubygems

Version              Path
bundler-audit-0.6.1  data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml
bundler-audit-0.6.0  data/ruby-advisory-db/gems/nokogiri/CVE-2016-4658.yml