CVE-2015-8806 – nokogiri
Package
Manager: gem
Name: nokogiri
Vulnerable Version: >=1.6.0 <1.6.8
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.08565 (percentile: 0.92056)
Details
Denial of service or RCE from libxml2 and libxslt
Nokogiri is affected by a series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.
Metadata
Created: 2018-09-17T21:53:42Z
Modified: 2023-06-30T19:54:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-7hp2-xwpj-95jq/GHSA-7hp2-xwpj-95jq.json
CWE IDs: ["CWE-125"]
Alternative ID: GHSA-7hp2-xwpj-95jq
Finding: F063
Auto approve: 1