HIGH 7.5
GHSA-7hp2-xwpj-95jq
Denial of service or RCE from libxml2 and libxslt
상세
Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2015-8806 [ADVISORY]
- https://github.com/sparklemotion/nokogiri/issues/1473 [WEB]
- https://bugzilla.gnome.org/show_bug.cgi?id=749115 [WEB]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml [WEB]
- https://github.com/sparklemotion/nokogiri [PACKAGE]
- https://security.gentoo.org/glsa/201701-37 [WEB]
- https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071 [WEB]
- https://www.debian.org/security/2016/dsa-3593 [WEB]
- http://www.openwall.com/lists/oss-security/2016/02/03/5 [WEB]
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html [WEB]
- http://www.ubuntu.com/usn/USN-2994-1 [WEB]