MEDIUM
GHSA-q7wx-62r7-j2x7
Nokogiri vulnerable to libxml XML Entity Expansion
Details
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-1819 [ADVISORY]
- https://github.com/sparklemotion/nokogiri/issues/1374 [WEB]
- https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9 [WEB]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml [WEB]
- https://security.gentoo.org/glsa/201507-08 [WEB]
- https://security.gentoo.org/glsa/201701-37 [WEB]
- https://support.apple.com/HT206166 [WEB]
- https://support.apple.com/HT206167 [WEB]
- https://support.apple.com/HT206168 [WEB]
- https://support.apple.com/HT206169 [WEB]
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html [WEB]
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html [WEB]
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html [WEB]
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html [WEB]
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html [WEB]
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html [WEB]
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html [WEB]
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2015-1419.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2015-2550.html [WEB]
- http://www.debian.org/security/2015/dsa-3430 [WEB]
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html [WEB]
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html [WEB]
- http://www.ubuntu.com/usn/USN-2812-1 [WEB]
- http://xmlsoft.org/news.html [WEB]