CVE-2017-15412 – nokogiri

Package

Manager: gem
Name: nokogiri
Vulnerable Version: >=0 <1.8.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.03249 pctl0.86639

Details

Nokogiri gem, via libxml, is affected by DoS vulnerabilities Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Metadata

Created: 2022-05-14T02:19:17Z
Modified: 2023-08-26T00:20:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r58r-74gx-6wx3/GHSA-r58r-74gx-6wx3.json
CWE IDs: ["CWE-416"]
Alternative ID: GHSA-r58r-74gx-6wx3
Finding: F138
Auto approve: 1