HIGH 7.5
GHSA-x2fm-93ww-ggvx
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
상세
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2017-16932 [ADVISORY]
- https://github.com/sparklemotion/nokogiri/issues/1714 [WEB]
- https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 [WEB]
- https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html [WEB]
- https://bugzilla.gnome.org/show_bug.cgi?id=759579 [WEB]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml [WEB]
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E [WEB]
- https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html [WEB]
- https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html [WEB]
- https://usn.ubuntu.com/3739-1 [WEB]
- http://xmlsoft.org/news.html [WEB]