HIGH 8.8

GHSA-r58r-74gx-6wx3

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

Details

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Are you affected?

Enter the version of the package you're using.

Affected packages

RubyGems / nokogiri

Introduced in: 0 Fixed in: 1.8.2

Fix bundle update nokogiri

References

https://nvd.nist.gov/vuln/detail/CVE-2017-15412 [ADVISORY]
https://github.com/sparklemotion/nokogiri/issues/1714 [WEB]
https://access.redhat.com/errata/RHSA-2017:3401 [WEB]
https://access.redhat.com/errata/RHSA-2018:0287 [WEB]
https://bugzilla.gnome.org/show_bug.cgi?id=783160 [WEB]
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html [WEB]
https://crbug.com/727039 [WEB]
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml [WEB]
https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html [WEB]
https://security.gentoo.org/glsa/201801-03 [WEB]
https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348 [WEB]
https://www.debian.org/security/2018/dsa-4086 [WEB]