Log in Sign up KO

HIGH 7.5

GHSA-6wj9-77wq-jq7p

Nokogiri is vulnerable to XML External Entity (XXE) attack

Details

Nokogiri before 1.5.4 is vulnerable to XXE attacks.

Are you affected?

Enter the version of the package you're using.

Affected packages

RubyGems / nokogiri

Introduced in: 0 Fixed in: 1.5.4

Fix bundle update nokogiri

References

https://nvd.nist.gov/vuln/detail/CVE-2012-6685 [ADVISORY]
https://github.com/sparklemotion/nokogiri/issues/693 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=1178970 [WEB]
https://github.com/sparklemotion/nokogiri [PACKAGE]
https://nokogiri.org/CHANGELOG.html#154-2012-06-12 [WEB]