HIGH 7.5
GHSA-x2fm-93ww-ggvx
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Details
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-16932 [ADVISORY]
- https://github.com/sparklemotion/nokogiri/issues/1714 [WEB]
- https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 [WEB]
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html [WEB]
- https://bugzilla.gnome.org/show_bug.cgi?id=759579 [WEB]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml [WEB]
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html [WEB]
- https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html [WEB]
- https://usn.ubuntu.com/3739-1 [WEB]
- http://xmlsoft.org/news.html [WEB]