Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/159644?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/159644?format=api", "purl": "pkg:gem/nokogiri@1.4.3", "type": "gem", "namespace": "", "name": "nokogiri", "version": "1.4.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.19.3", "latest_non_vulnerable_version": "1.19.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37942?format=api", "vulnerability_id": "VCID-124d-zrmb-xue8", "summary": "Multiple vulnerabilities in libxml2, libxslt\nThe vendored libxml2 and libxslt libraries have multiple vulnerabilities: CVE-2015-1819 CVE-2015-7941_1 CVE-2015-7941_2 CVE-2015-7942 CVE-2015-7942-2 CVE-2015-8035 CVE-2015-7995", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1663--2015-11-16", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1663--2015-11-16" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/ac6106f1e641d50b27752c52b355e01d03ae8829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/commit/ac6106f1e641d50b27752c52b355e01d03ae8829" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/ee52b7be5b47e1029af98f6b7eb6df7fc5ffd359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/commit/ee52b7be5b47e1029af98f6b7eb6df7fc5ffd359" }, { "reference_url": "https://groups.google.com/forum/#!topic/nokogiri-talk/gEpHWo2xLCE", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/nokogiri-talk/gEpHWo2xLCE" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52401?format=api", "purl": "pkg:gem/nokogiri@1.6.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-ba5w-ed8b-duar" }, { "vulnerability": "VCID-by7n-zrpn-jubw" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52351?format=api", "purl": "pkg:gem/nokogiri@1.6.7.rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-by7n-zrpn-jubw" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4" } ], "aliases": [ "GMS-2015-42" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-124d-zrmb-xue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53460?format=api", "vulnerability_id": "VCID-1sh8-bsk3-auct", "summary": "libxml2 has a global Buffer Overflow vulnerability in `xmlEncodeEntitiesInternal` at `libxml2/entities.c`.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.72316", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24977" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178" }, { "reference_url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/" }, { "reference_url": "https://security.gentoo.org/glsa/202107-05", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-05" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200924-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200924-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877788", "reference_id": "1877788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877788" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529", "reference_id": "969529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529" }, { "reference_url": "https://security.archlinux.org/ASA-202011-15", "reference_id": "ASA-202011-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-15" }, { "reference_url": "https://security.archlinux.org/AVG-1263", "reference_id": "AVG-1263", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1263" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24977", "reference_id": "CVE-2020-24977", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1597", "reference_id": "RHSA-2021:1597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1597" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58355?format=api", "purl": "pkg:gem/nokogiri@1.11.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4" } ], "aliases": [ "CVE-2020-24977" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1sh8-bsk3-auct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51504?format=api", "vulnerability_id": "VCID-2r85-egs8-4be3", "summary": "Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability\n### Description\n\nIn Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema`\nare **trusted** by default, allowing external resources to be accessed over the\nnetwork, potentially enabling XXE or SSRF attacks.\n\nThis behavior is counter to\nthe security policy followed by Nokogiri maintainers, which is to treat all input\nas **untrusted** by default whenever possible.\n\nPlease note that this security\nfix was pushed into a new minor version, 1.11.x, rather than a patch release to\nthe 1.10.x branch, because it is a breaking change for some schemas and the risk\nwas assessed to be \"Low Severity\".\n\n### Affected Versions\n\nNokogiri `<= 1.10.10` as well as prereleases `1.11.0.rc1`, `1.11.0.rc2`, and `1.11.0.rc3`\n\n### Mitigation\n\nThere are no known workarounds for affected versions. Upgrade to Nokogiri\n`1.11.0.rc4` or later.\n\nIf, after upgrading to `1.11.0.rc4` or later, you wish\nto re-enable network access for resolution of external resources (i.e., return to\nthe previous behavior):\n\n1. Ensure the input is trusted. Do not enable this option\nfor untrusted input.\n2. When invoking the `Nokogiri::XML::Schema` constructor,\npass as the second parameter an instance of `Nokogiri::XML::ParseOptions` with the\n`NONET` flag turned off.\n\nSo if your previous code was:\n\n``` ruby\n# in v1.11.0.rc3 and earlier, this call allows resources to be accessed over the network\n# but in v1.11.0.rc4 and later, this call will disallow network access for external resources\nschema = Nokogiri::XML::Schema.new(schema)\n\n# in v1.11.0.rc4 and later, the following is equivalent to the code above\n# (the second parameter is optional, and this demonstrates its default value)\nschema = Nokogiri::XML::Schema.new(schema, Nokogiri::XML::ParseOptions::DEFAULT_SCHEMA)\n```\n\nThen you can add the second parameter to indicate that the input is trusted by changing it to:\n\n``` ruby\n# in v1.11.0.rc3 and earlier, this would raise an ArgumentError\n# but in v1.11.0.rc4 and later, this allows resources to be accessed over the network\nschema = Nokogiri::XML::Schema.new(trusted_schema, Nokogiri::XML::ParseOptions.new.nononet)\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49512", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26247" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m" }, { "reference_url": "https://hackerone.com/reports/747489", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/747489" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html" }, { "reference_url": "https://rubygems.org/gems/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/nokogiri" }, { "reference_url": "https://security.gentoo.org/glsa/202208-29", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-29" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912487", "reference_id": "1912487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912487" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967", "reference_id": "978967", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26247", "reference_id": "CVE-2020-26247", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5191", "reference_id": "RHSA-2021:5191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5191" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79427?format=api", "purl": "pkg:gem/nokogiri@1.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.0" } ], "aliases": [ "CVE-2020-26247", "GHSA-vr8q-g5c7-m54m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2r85-egs8-4be3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41140?format=api", "vulnerability_id": "VCID-5xuf-r7bj-33fa", "summary": "Improper Input Validation\nIn `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04376", "scoring_system": "epss", "scoring_elements": "0.89156", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13117" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ" }, { "reference_url": "https://oss-fuzz.com/testcase-detail/5631739747106816", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728546", "reference_id": "1728546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728546" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321", "reference_id": "931321", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13117", "reference_id": "CVE-2019-13117", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13117" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58267?format=api", "purl": "pkg:gem/nokogiri@1.10.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5" } ], "aliases": [ "CVE-2019-13117", "GHSA-4hm9-844j-jmxp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xuf-r7bj-33fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37674?format=api", "vulnerability_id": "VCID-7qc1-88v3-2qbv", "summary": "XML Document Root Element Handling Memory Consumption Remote DoS\nThis package contains a flaw that is triggered when handling a root element in an XML document. This may allow a remote attacker to cause a consumption of memory resources.", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/1087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/pull/1087" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51836?format=api", "purl": "pkg:gem/nokogiri@1.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124d-zrmb-xue8" }, { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-ba5w-ed8b-duar" }, { "vulnerability": "VCID-by7n-zrpn-jubw" }, { "vulnerability": "VCID-cgmw-k7dg-gbdw" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.3" } ], "aliases": [ "OSVDB-118481" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qc1-88v3-2qbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4780?format=api", "vulnerability_id": "VCID-9m3t-anwb-4fbx", "summary": "arbitrary code execution", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15391", "scoring_system": "epss", "scoring_elements": "0.94767", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1615", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1615" }, { "reference_url": "https://security.gentoo.org/glsa/201701-37", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-37" }, { "reference_url": "https://support.apple.com/HT207141", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT207141" }, { "reference_url": "https://support.apple.com/HT207142", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT207142" }, { "reference_url": "https://support.apple.com/HT207143", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT207143" }, { "reference_url": "https://support.apple.com/HT207170", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT207170" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384424", "reference_id": "1384424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384424" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553", "reference_id": "840553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553" }, { "reference_url": "https://security.archlinux.org/ASA-201611-2", "reference_id": "ASA-201611-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-2" }, { "reference_url": "https://security.archlinux.org/AVG-56", "reference_id": "AVG-56", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-56" }, { "reference_url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html", "reference_id": "CVE-2016-4448.HTML", "reference_type": "", "scores": [], "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4658", "reference_id": "CVE-2016-4658", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4658" }, { "reference_url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html", "reference_id": "CVE-2016-4658.HTML", "reference_type": "", "scores": [], "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html" }, { "reference_url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html", "reference_id": "CVE-2016-5131.HTML", "reference_type": "", "scores": [], "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3810", "reference_id": "RHSA-2021:3810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3810" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52887?format=api", "purl": "pkg:gem/nokogiri@1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1" } ], "aliases": [ "CVE-2016-4658", "GHSA-fr52-4hqw-p27f" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9m3t-anwb-4fbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40102?format=api", "vulnerability_id": "VCID-akrb-6bu8-nqfq", "summary": "NULL Pointer Dereference\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1543", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1543" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95589", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14404" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1785", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1785" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/issues/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/issues/10" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0002" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/3739-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", "reference_id": "CVE-2018-14404", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml", "reference_id": "CVE-2018-14404.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6qvp-r6r3-9p7h", "reference_id": "GHSA-6qvp-r6r3-9p7h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6qvp-r6r3-9p7h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1827", "reference_id": "RHSA-2020:1827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1827" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57344?format=api", "purl": "pkg:gem/nokogiri@1.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.5" } ], "aliases": [ "CVE-2018-14404", "GHSA-6qvp-r6r3-9p7h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akrb-6bu8-nqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4595?format=api", "vulnerability_id": "VCID-b8q3-sd61-rqhf", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5029", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01232", "scoring_system": "epss", "scoring_elements": "0.79516", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5029" }, { "reference_url": "https://crbug.com/676623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://crbug.com/676623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046" }, { "reference_url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "reference_url": "https://github.com/advisories/GHSA-pf6m-fxpq-fg8v", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf6m-fxpq-fg8v" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1634", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1634" }, { "reference_url": "https://ubuntu.com/security/CVE-2017-5029", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/security/CVE-2017-5029" }, { "reference_url": "https://ubuntu.com/security/notices/USN-3271-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/security/notices/USN-3271-1" }, { "reference_url": "http://www.securityfocus.com/bid/96767", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1431033", "reference_id": "1431033", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1431033" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546", "reference_id": "858546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546" }, { "reference_url": "https://security.archlinux.org/ASA-201703-4", "reference_id": "ASA-201703-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-4" }, { "reference_url": "https://security.archlinux.org/ASA-201703-5", "reference_id": "ASA-201703-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-5" }, { "reference_url": "https://security.archlinux.org/AVG-195", "reference_id": "AVG-195", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-195" }, { "reference_url": "https://security.archlinux.org/AVG-196", "reference_id": "AVG-196", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-196" }, { "reference_url": "https://security.archlinux.org/AVG-197", "reference_id": "AVG-197", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-197" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5029", "reference_id": "CVE-2017-5029", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5029" }, { "reference_url": "https://security.gentoo.org/glsa/201804-01", "reference_id": "GLSA-201804-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0499", "reference_id": "RHSA-2017:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0499" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52887?format=api", "purl": "pkg:gem/nokogiri@1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/143915?format=api", "purl": "pkg:gem/nokogiri@1.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.2" } ], "aliases": [ "CVE-2017-5029", "GHSA-pf6m-fxpq-fg8v" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8q3-sd61-rqhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37947?format=api", "vulnerability_id": "VCID-ba5w-ed8b-duar", "summary": "Unsafe parsing of unclosed comments\nParsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access.", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1664--2015-11-19", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1664--2015-11-19" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/0948e9fa38c949661983a33752fdcb94a453e272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/commit/0948e9fa38c949661983a33752fdcb94a453e272" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4" }, { "reference_url": "https://groups.google.com/forum/#!topic/nokogiri-talk/nFl0mfcJpbk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/nokogiri-talk/nFl0mfcJpbk" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52350?format=api", "purl": "pkg:gem/nokogiri@1.6.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-by7n-zrpn-jubw" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52351?format=api", "purl": "pkg:gem/nokogiri@1.6.7.rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-by7n-zrpn-jubw" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4" } ], "aliases": [ "GMS-2015-43" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ba5w-ed8b-duar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37897?format=api", "vulnerability_id": "VCID-cgmw-k7dg-gbdw", "summary": "Vulnerabilities in libxml2 and libxslt\nSeveral vulnerabilities were discovered in the libxml2 and libxslt libraries that this package gem depends on.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1419.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1419.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1819", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02045", "scoring_system": "epss", "scoring_elements": "0.8417", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1374", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1374" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/1376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/pull/1376" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1819", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1819" }, { "reference_url": "https://security.gentoo.org/glsa/201507-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201507-08" }, { "reference_url": "https://security.gentoo.org/glsa/201701-37", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-37" }, { "reference_url": "https://support.apple.com/HT206166", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT206166" }, { "reference_url": "https://support.apple.com/HT206167", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT206167" }, { "reference_url": "https://support.apple.com/HT206168", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT206168" }, { "reference_url": "https://support.apple.com/HT206169", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT206169" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3430", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3430" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2812-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2812-1" }, { "reference_url": "http://xmlsoft.org/news.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://xmlsoft.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211278", "reference_id": "1211278", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211278" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782", "reference_id": "782782", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1419", "reference_id": "RHSA-2015:1419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2550", "reference_id": "RHSA-2015:2550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2550" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52350?format=api", "purl": "pkg:gem/nokogiri@1.6.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-by7n-zrpn-jubw" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52351?format=api", "purl": "pkg:gem/nokogiri@1.6.7.rc4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-by7n-zrpn-jubw" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4" } ], "aliases": [ "CVE-2015-1819", "GHSA-q7wx-62r7-j2x7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgmw-k7dg-gbdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51499?format=api", "vulnerability_id": "VCID-chdv-jk6d-uuga", "summary": "Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171\n## Summary\n\nNokogiri v1.18.3 upgrades its dependency libxml2 to\n[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).\n\nlibxml2 v2.13.6 addresses:\n\n- CVE-2025-24928\n - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847\n- CVE-2024-56171\n - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828\n\n## Impact\n\n### CVE-2025-24928\n\nStack-buffer overflow is possible when reporting DTD validation\nerrors if the input contains a long (~3kb) QName prefix.\n\n### CVE-2024-56171\n\nUse-after-free is possible during validation against untrusted\nXML Schemas (.xsd) and, potentially, validation of untrusted documents\nagainst trusted Schemas if they make use of `xsd:keyref` in combination\nwith recursively defined types that have additional identity constraints.", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m" }, { "reference_url": "https://github.com/advisories/GHSA-vvfq-8hwr-qm4m", "reference_id": "GHSA-vvfq-8hwr-qm4m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vvfq-8hwr-qm4m" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml", "reference_id": "GHSA-vvfq-8hwr-qm4m.yml", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84149?format=api", "purl": "pkg:gem/nokogiri@1.18.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3" } ], "aliases": [ "GHSA-vvfq-8hwr-qm4m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-chdv-jk6d-uuga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50194?format=api", "vulnerability_id": "VCID-d13x-y75t-2ugx", "summary": "Nokogiri does not check the return value from xmlC14NExecute\nNokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.\n\nJRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/advisories/GHSA-wx95-c6cv-8532", "reference_id": "GHSA-wx95-c6cv-8532", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wx95-c6cv-8532" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532", "reference_id": "GHSA-wx95-c6cv-8532", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74105?format=api", "purl": "pkg:gem/nokogiri@1.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d13x-y75t-2ugx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.1" } ], "aliases": [ "GHSA-wx95-c6cv-8532" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d13x-y75t-2ugx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37978?format=api", "vulnerability_id": "VCID-efx2-bpu9-z7a4", "summary": "Vulnerabilities in libxml2\nSeveral vulnerabilities were discovered in the libxml2 library that this package gem depends on.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.7816", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5312" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/1378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/pull/1378" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172" }, { "reference_url": "https://security.gentoo.org/glsa/201701-37", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-37" }, { "reference_url": "https://support.apple.com/HT206166", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT206166" }, { "reference_url": "https://support.apple.com/HT206167", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT206167" }, { "reference_url": "https://support.apple.com/HT206168", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT206168" }, { "reference_url": "https://support.apple.com/HT206169", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/HT206169" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3430", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3430" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2834-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2834-1" }, { "reference_url": "http://xmlsoft.org/news.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://xmlsoft.org/news.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5312", "reference_id": "CVE-2015-5312", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2549", "reference_id": "RHSA-2015:2549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2550", "reference_id": "RHSA-2015:2550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1089", "reference_id": "RHSA-2016:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1089" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52454?format=api", "purl": "pkg:gem/nokogiri@1.6.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.1" } ], "aliases": [ "CVE-2015-5312", "GHSA-xjqg-9jvg-fgx2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efx2-bpu9-z7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38085?format=api", "vulnerability_id": "VCID-egft-crba-6ubx", "summary": "Uncontrolled Resource Consumption\ndict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the \"<!DOCTYPE html\" substring in a crafted HTML document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08565", "scoring_system": "epss", "scoring_elements": "0.92549", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8806" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=749115", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=749115" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1473", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1473" }, { "reference_url": "https://mail.gnome.org/archives/xml/2016-May/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://mail.gnome.org/archives/xml/2016-May/msg00023.html" }, { "reference_url": "https://security.gentoo.org/glsa/201701-37", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-37" }, { "reference_url": "https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071" }, { "reference_url": "https://www.debian.org/security/2016/dsa-3593", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2016/dsa-3593" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/02/03/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/02/03/5" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "reference_url": "http://www.ubuntu.com/usn/usn-2994-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-2994-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2994-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2994-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304636", "reference_id": "1304636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304636" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613", "reference_id": "813613", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8806", "reference_id": "CVE-2015-8806", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8806" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52644?format=api", "purl": "pkg:gem/nokogiri@1.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8" } ], "aliases": [ "CVE-2015-8806", "GHSA-7hp2-xwpj-95jq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egft-crba-6ubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37972?format=api", "vulnerability_id": "VCID-fn1n-adz5-5fcy", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00714", "scoring_system": "epss", "scoring_elements": "0.7272", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7499" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da" }, { "reference_url": "https://github.com/advisories/GHSA-jxjr-5h69-qw3w", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jxjr-5h69-qw3w" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM" }, { "reference_url": "https://security.gentoo.org/glsa/201701-37", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-37" }, { "reference_url": "https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509" }, { "reference_url": "https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3430", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3430" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2834-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2834-1" }, { "reference_url": "http://xmlsoft.org/news.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://xmlsoft.org/news.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7499", "reference_id": "CVE-2015-7499", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2549", "reference_id": "RHSA-2015:2549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2550", "reference_id": "RHSA-2015:2550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1089", "reference_id": "RHSA-2016:1089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1089" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52457?format=api", "purl": "pkg:gem/nokogiri@1.6.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/160400?format=api", "purl": "pkg:gem/nokogiri@1.6.8.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8.rc1" } ], "aliases": [ "CVE-2015-7499", "GHSA-jxjr-5h69-qw3w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fn1n-adz5-5fcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41139?format=api", "vulnerability_id": "VCID-ft4s-195a-8fcf", "summary": "Improper Input Validation\nIn `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77408", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13118" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/15" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/38", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/38" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ" }, { "reference_url": "https://oss-fuzz.com/testcase-detail/5197371471822848", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/25", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/35", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/36", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/36" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/37" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/41", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/42", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003" }, { "reference_url": "https://support.apple.com/kb/HT210346", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210346" }, { "reference_url": "https://support.apple.com/kb/HT210348", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210348" }, { "reference_url": "https://support.apple.com/kb/HT210351", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210351" }, { "reference_url": "https://support.apple.com/kb/HT210353", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210353" }, { "reference_url": "https://support.apple.com/kb/HT210356", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210356" }, { "reference_url": "https://support.apple.com/kb/HT210357", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210357" }, { "reference_url": "https://support.apple.com/kb/HT210358", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT210358" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728541", "reference_id": "1728541", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728541" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320", "reference_id": "931320", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13118", "reference_id": "CVE-2019-13118", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13118" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58267?format=api", "purl": "pkg:gem/nokogiri@1.10.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5" } ], "aliases": [ "CVE-2019-13118", "GHSA-cf46-6xxh-pc75" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ft4s-195a-8fcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38853?format=api", "vulnerability_id": "VCID-gdgu-7d3a-uygr", "summary": "Vulnerabilities in libxml2\nThe version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376) Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047) Marcel Böhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048) Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050)", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/issues/1673" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54117?format=api", "purl": "pkg:gem/nokogiri@1.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1" } ], "aliases": [ "USN-3424-1" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdgu-7d3a-uygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39522?format=api", "vulnerability_id": "VCID-gwrv-agck-yuex", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn the Loofah gem for Ruby, denylisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72159", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8048" }, { "reference_url": "https://github.com/advisories/GHSA-x7rv-cr6v-4vm4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x7rv-cr6v-4vm4" }, { "reference_url": "https://github.com/flavorjones/loofah", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/flavorjones/loofah" }, { "reference_url": "https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116" }, { "reference_url": "https://github.com/flavorjones/loofah/issues/144", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/flavorjones/loofah/issues/144" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/1746", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/pull/1746" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191122-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191122-0003" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4171", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4171" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2018/03/19/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2018/03/19/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559071", "reference_id": "1559071", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559071" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596", "reference_id": "893596", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8048", "reference_id": "CVE-2018-8048", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8048" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55260?format=api", "purl": "pkg:gem/nokogiri@1.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.3" } ], "aliases": [ "CVE-2018-8048", "GHSA-x7rv-cr6v-4vm4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwrv-agck-yuex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39554?format=api", "vulnerability_id": "VCID-j98t-paam-97ec", "summary": "Allocation of Resources Without Limits or Throttling\nThe xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00898", "scoring_system": "epss", "scoring_elements": "0.7602", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18258" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190719-0001/" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/3739-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3739-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", "reference_id": "1566749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245", "reference_id": "895245", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245" }, { "reference_url": "https://security.archlinux.org/AVG-671", "reference_id": "AVG-671", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-671" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", "reference_id": "CVE-2017-18258", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258" }, { "reference_url": "https://github.com/advisories/GHSA-882p-jqgm-f45g", "reference_id": "GHSA-882p-jqgm-f45g", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-882p-jqgm-f45g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55376?format=api", "purl": "pkg:gem/nokogiri@1.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2" } ], "aliases": [ "CVE-2017-18258", "GHSA-882p-jqgm-f45g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j98t-paam-97ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40906?format=api", "vulnerability_id": "VCID-jvd7-7jes-4ffn", "summary": "Bypass of a protection mechanism in libxslt\nThe libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01133", "scoring_system": "epss", "scoring_elements": "0.78684", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1892", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1892" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/pull/1898" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001" }, { "reference_url": "https://usn.ubuntu.com/3947-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3947-1" }, { "reference_url": "https://usn.ubuntu.com/3947-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3947-2" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/23/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709697", "reference_id": "1709697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709697" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895", "reference_id": "926895", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11068" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2019-11068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4005", "reference_id": "RHSA-2020:4005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4464", "reference_id": "RHSA-2020:4464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4464" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75864?format=api", "purl": "pkg:gem/nokogiri@1.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/57780?format=api", "purl": "pkg:gem/nokogiri@1.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4" } ], "aliases": [ "CVE-2019-11068", "GHSA-qxcg-xjjg-66mj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvd7-7jes-4ffn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51498?format=api", "vulnerability_id": "VCID-jxz3-ug52-cuhn", "summary": "libxml2 2.9.10 has an infinite loop in a certain end-of-file situation\nNokogiri has backported the patch for CVE-2020-7595 into its vendored version\nof libxml2, and released this as v1.10.8\n\nCVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and\nso Nokogiri versions <= v1.10.7 are vulnerable.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00476", "scoring_system": "epss", "scoring_elements": "0.65244", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7595" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1992", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1992" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/" }, { "reference_url": "https://security.gentoo.org/glsa/202010-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202010-04" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200702-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200702-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200702-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200702-0005/" }, { "reference_url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08" }, { "reference_url": "https://usn.ubuntu.com/4274-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4274-1" }, { "reference_url": "https://usn.ubuntu.com/4274-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4274-1/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799786", "reference_id": "1799786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582", "reference_id": "949582", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582" }, { "reference_url": "https://security.archlinux.org/ASA-202011-15", "reference_id": "ASA-202011-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-15" }, { "reference_url": "https://security.archlinux.org/AVG-1263", "reference_id": "AVG-1263", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1263" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595", "reference_id": "CVE-2020-7595", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3996", "reference_id": "RHSA-2020:3996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4479", "reference_id": "RHSA-2020:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76493?format=api", "purl": "pkg:gem/nokogiri@1.10.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.8" } ], "aliases": [ "CVE-2020-7595", "GHSA-7553-jr98-vx47" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxz3-ug52-cuhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39177?format=api", "vulnerability_id": "VCID-m91c-mfu9-bbbh", "summary": "Loop with Unreachable Exit Condition ('Infinite Loop')\nparser.c in libxml2 does not prevent infinite recursion in parameter entities.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21755", "scoring_system": "epss", "scoring_elements": "0.95849", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16932" }, { "reference_url": "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=759579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=759579" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932" }, { "reference_url": "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1714", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1714" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/usn/usn-3504-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/usn/usn-3504-1/" }, { "reference_url": "http://xmlsoft.org/news.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://xmlsoft.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517316", "reference_id": "1517316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517316" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613", "reference_id": "882613", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16932", "reference_id": "CVE-2017-16932", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16932" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", "reference_id": "CVE-2017-16932.HTML", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54117?format=api", "purl": "pkg:gem/nokogiri@1.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1" } ], "aliases": [ "CVE-2017-16932", "GHSA-x2fm-93ww-ggvx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m91c-mfu9-bbbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46947?format=api", "vulnerability_id": "VCID-p6m6-7kgc-y3g8", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/discussions/3146", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/discussions/3146" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", "reference_id": "CVE-2024-25062", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062" }, { "reference_url": "https://github.com/advisories/GHSA-xc9x-jj77-9p9j", "reference_id": "GHSA-xc9x-jj77-9p9j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xc9x-jj77-9p9j" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j", "reference_id": "GHSA-xc9x-jj77-9p9j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml", "reference_id": "GHSA-xc9x-jj77-9p9j.yml", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68770?format=api", "purl": "pkg:gem/nokogiri@1.15.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/169016?format=api", "purl": "pkg:gem/nokogiri@1.16.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/68769?format=api", "purl": "pkg:gem/nokogiri@1.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2" } ], "aliases": [ "GHSA-xc9x-jj77-9p9j", "GMS-2024-127" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6m6-7kgc-y3g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51501?format=api", "vulnerability_id": "VCID-pb6j-zdqw-g7cj", "summary": "Nokogiri patches vendored libxml2 to resolve multiple CVEs\n## Summary\n\nNokogiri v1.18.9 patches the vendored libxml2 to address\nCVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795,\nand CVE-2025-49796.\n\n## Impact and severity\n\n### CVE-2025-6021\n\nA flaw was found in libxml2's xmlBuildQName function, where integer\noverflows in buffer size calculations can lead to a stack-based\nbuffer overflow. This issue can result in memory corruption or a\ndenial of service when processing crafted input.\n\nNVD claims a severity of 7.5 High\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae\n\n### CVE-2025-6170\n\nA flaw was found in the interactive shell of the xmllint command-line\ntool, used for parsing XML files. When a user inputs an overly long\ncommand, the program does not check the input size properly, which\ncan cause it to crash. This issue might allow attackers to run\nharmful code in rare configurations without modern protections.\n\nNVD claims a severity of 2.5 Low\n(CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/5e9ec5c1\n\n### CVE-2025-49794\n\nA use-after-free vulnerability was found in libxml2. This issue\noccurs when parsing XPath elements under certain circumstances when\nthe XML schematron has the <sch:name path=\"...\"/> schema elements.\nThis flaw allows a malicious actor to craft a malicious XML document\nused as input for libxml, resulting in the program's crash using\nlibxml or other possible undefined behaviors.\n\nNVD claims a severity of 9.1 Critical\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5\n\n### CVE-2025-49795\n\nA NULL pointer dereference vulnerability was found in libxml2 when\nprocessing XPath XML expressions. This flaw allows an attacker to\ncraft a malicious XML input to libxml2, leading to a denial of service.\n\nNVD claims a severity of 7.5 High\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278\n\n### CVE-2025-49796\n\nA vulnerability was found in libxml2. Processing certain sch:name\nelements from the input XML file can trigger a memory corruption\nissue. This flaw allows an attacker to craft a malicious XML input\nfile that can lead libxml to crash, resulting in a denial of service\nor other possible undefined behavior due to sensitive data being\ncorrupted in memory.\n\nNVD claims a severity of 9.1 Critical\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5\n\n## Affected Versions\n\n- Nokogiri < 1.18.9 when using CRuby (MRI) with vendored libxml2\n\n## Patched Versions\n\n- Nokogiri >= 1.18.9\n\n## Mitigation\n\nUpgrade to Nokogiri v1.18.9 or later.\n\nUsers who are unable to upgrade Nokogiri may also choose a more\ncomplicated mitigation: compile and link Nokogiri against patched\nexternal libxml2 libraries which will also address these same issues.", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/3526", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/pull/3526" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794", "reference_id": "CVE-2025-49794", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49795", "reference_id": "CVE-2025-49795", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49795" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796", "reference_id": "CVE-2025-49796", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021", "reference_id": "CVE-2025-6021", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6021" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "reference_id": "CVE-2025-6170", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170" }, { "reference_url": "https://github.com/advisories/GHSA-353f-x4gh-cqq8", "reference_id": "GHSA-353f-x4gh-cqq8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-353f-x4gh-cqq8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85837?format=api", "purl": "pkg:gem/nokogiri@1.18.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d13x-y75t-2ugx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.9" } ], "aliases": [ "GHSA-353f-x4gh-cqq8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb6j-zdqw-g7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51492?format=api", "vulnerability_id": "VCID-pr2j-1118-hqaa", "summary": "Update bundled libxml2 to v2.10.3 to resolve multiple CVEs\n### Summary\n\nNokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to\n[v2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3) from\nv2.9.14.\n\nlibxml2 v2.10.3 addresses the following known vulnerabilities:\n\n- [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)\n- [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)\n- [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)\n\nPlease note that this advisory only applies to the CRuby implementation of\nNokogiri `< 1.13.9`, and only if the _packaged_ libraries are being used. If\nyou've overridden defaults at installation time to use _system_ libraries\ninstead of packaged libraries, you should instead pay attention to your\ndistro's `libxml2` release announcements.\n\n\n### Mitigation\n\nUpgrade to Nokogiri `>= 1.13.9`.\n\nUsers who are unable to upgrade Nokogiri may also choose a more complicated\nmitigation: compile and link Nokogiri against external libraries libxml2\n`>= 2.10.3` which will also address these same issues.\n\n\n### Impact\n\n#### libxml2 [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)\n\n- **CVSS3 score**: Under evaluation\n- **Type**: Denial of service\n- **Description**: NULL Pointer Dereference allows attackers to cause a denial\nof service (or application crash). This only applies when lxml is used\ntogether with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not\naffected. It allows triggering crashes through forged input data, given a\nvulnerable code sequence in the application. The vulnerability is caused by\nthe iterwalk function (also used by the canonicalize function). Such code\nshouldn't be in wide-spread use, given that parsing + iterwalk would usually\nbe replaced with the more efficient iterparse function. However, an XML\nconverter that serialises to C14N would also be vulnerable, for example, and\nthere are legitimate use cases for this code sequence. If untrusted input is\nreceived (also remotely) and processed via iterwalk function, a crash can be\ntriggered.\n\nNokogiri maintainers investigated at #2620 and determined this CVE does not\naffect Nokogiri users.\n\n\n#### libxml2 [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)\n\n- **CVSS3 score**: Unspecified upstream\n- **Type**: Data corruption, denial of service\n- **Description**: When an entity reference cycle is detected, the entity\ncontent is cleared by setting its first byte to zero. But the entity content\nmight be allocated from a dict. In this case, the dict entry becomes corrupted\nleading to all kinds of logic errors, including memory errors like\ndouble-frees.\n\nSee https://gitlab.gnome.org/GNOME/libxml2/-/commit/644a89e080bced793295f61f18aac8cfad6bece2\n\n\n#### libxml2 [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)\n\n- **CVSS3 score**: Unspecified upstream\n- **Type**: Integer overflow\n- **Description**: Integer overflows with XML_PARSE_HUGE\n\nSee https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/145080?format=api", "purl": "pkg:gem/nokogiri@1.13.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9" } ], "aliases": [ "GHSA-2qc6-mcvw-92cw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr2j-1118-hqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51496?format=api", "vulnerability_id": "VCID-q3td-7t4g-57ba", "summary": "Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459\n## Summary\n\nNokogiri v1.16.5 upgrades its dependency libxml2 to\n[2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) from 2.12.6.\n\nlibxml2 v2.12.7 addresses CVE-2024-34459:\n\n- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720\n- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53\n\n## Impact\n\nThere is no impact to Nokogiri users because the issue is present only\nin libxml2's `xmllint` tool which Nokogiri does not provide or expose.\n\n## Timeline\n\n- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced\n- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage\n- 2024-05-13 10:05 EDT, nokogiri [v1.16.5 is released](https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5)\n and this GHSA made public", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720" }, { "reference_url": "https://github.com/advisories/GHSA-r95h-9x8f-r3f7", "reference_id": "GHSA-r95h-9x8f-r3f7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r95h-9x8f-r3f7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81252?format=api", "purl": "pkg:gem/nokogiri@1.16.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5" } ], "aliases": [ "GHSA-r95h-9x8f-r3f7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3td-7t4g-57ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42884?format=api", "vulnerability_id": "VCID-qkq6-n1ds-x7e5", "summary": "Inefficient Regular Expression Complexity\nNokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01827", "scoring_system": "epss", "scoring_elements": "0.83241", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24836" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/23" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3" }, { "reference_url": "https://security.gentoo.org/glsa/202208-29", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-29" }, { "reference_url": "https://support.apple.com/kb/HT213532", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT213532" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787", "reference_id": "1009787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074346", "reference_id": "2074346", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074346" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24836", "reference_id": "CVE-2022-24836", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24836" }, { "reference_url": "https://github.com/advisories/GHSA-crjr-9rc5-ghw8", "reference_id": "GHSA-crjr-9rc5-ghw8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-crjr-9rc5-ghw8" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8", "reference_id": "GHSA-crjr-9rc5-ghw8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8506", "reference_id": "RHSA-2022:8506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8506" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61129?format=api", "purl": "pkg:gem/nokogiri@1.13.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4" } ], "aliases": [ "CVE-2022-24836", "GHSA-crjr-9rc5-ghw8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkq6-n1ds-x7e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4123?format=api", "vulnerability_id": "VCID-u9b2-qx2j-c7by", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29163", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5815" }, { "reference_url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/2630", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/2630" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702905", "reference_id": "1702905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702905" }, { "reference_url": "https://security.archlinux.org/ASA-201904-12", "reference_id": "ASA-201904-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-12" }, { "reference_url": "https://security.archlinux.org/AVG-952", "reference_id": "AVG-952", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-952" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5815", "reference_id": "CVE-2019-5815", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5815" }, { "reference_url": "https://security.gentoo.org/glsa/201908-18", "reference_id": "GLSA-201908-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1021", "reference_id": "RHSA-2019:1021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1021" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57780?format=api", "purl": "pkg:gem/nokogiri@1.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/58267?format=api", "purl": "pkg:gem/nokogiri@1.10.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5" } ], "aliases": [ "CVE-2019-5815", "GHSA-vmfx-gcfq-wvm2" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9b2-qx2j-c7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4339?format=api", "vulnerability_id": "VCID-ueh5-fv4d-a7a8", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02535", "scoring_system": "epss", "scoring_elements": "0.85726", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15412" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=783160", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=783160" }, { "reference_url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" }, { "reference_url": "https://crbug.com/727039", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://crbug.com/727039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1714", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1714" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html" }, { "reference_url": "https://security.gentoo.org/glsa/201801-03", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201801-03" }, { "reference_url": "https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4086", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4086" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523128", "reference_id": "1523128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523128" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790", "reference_id": "883790", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790" }, { "reference_url": "https://security.archlinux.org/ASA-201712-5", "reference_id": "ASA-201712-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-5" }, { "reference_url": "https://security.archlinux.org/AVG-544", "reference_id": "AVG-544", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-544" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", "reference_id": "CVE-2017-15412", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", "reference_id": "CVE-2017-15412.HTML", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3401", "reference_id": "RHSA-2017:3401", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0287", "reference_id": "RHSA-2018:0287", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55376?format=api", "purl": "pkg:gem/nokogiri@1.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2" } ], "aliases": [ "CVE-2017-15412", "GHSA-r58r-74gx-6wx3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ueh5-fv4d-a7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4045?format=api", "vulnerability_id": "VCID-uk9u-nn9a-4yes", "summary": "multiple issues", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89355", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18197" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191031-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191031-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200416-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200416-0004" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770768", "reference_id": "1770768", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770768" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646", "reference_id": "942646", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646" }, { "reference_url": "https://security.archlinux.org/ASA-202002-3", "reference_id": "ASA-202002-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-3" }, { "reference_url": "https://security.archlinux.org/AVG-1092", "reference_id": "AVG-1092", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1092" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197", "reference_id": "CVE-2019-18197", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0514", "reference_id": "RHSA-2020:0514", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4005", "reference_id": "RHSA-2020:4005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4464", "reference_id": "RHSA-2020:4464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4464" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58267?format=api", "purl": "pkg:gem/nokogiri@1.10.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5" } ], "aliases": [ "CVE-2019-18197", "GHSA-242x-7cm6-4w8j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uk9u-nn9a-4yes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51502?format=api", "vulnerability_id": "VCID-v982-h7ee-qugt", "summary": "CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flaw\nNokogiri before 1.5.4 is vulnerable to XXE attacks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6685.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6685.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00323", "scoring_system": "epss", "scoring_elements": "0.55618", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6685" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178970" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/599856367150709497a3a03bee930bd76504d95d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/commit/599856367150709497a3a03bee930bd76504d95d" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/693", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/693" }, { "reference_url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nokogiri.org/CHANGELOG.html#154-2012-06-12" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6685", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6685" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76714?format=api", "purl": "pkg:gem/nokogiri@1.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-124d-zrmb-xue8" }, { "vulnerability": "VCID-1gbb-d6uh-n7gp" }, { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-7qc1-88v3-2qbv" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-b8q3-sd61-rqhf" }, { "vulnerability": "VCID-ba5w-ed8b-duar" }, { "vulnerability": "VCID-cgmw-k7dg-gbdw" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-ft4s-195a-8fcf" }, { "vulnerability": "VCID-gdgu-7d3a-uygr" }, { "vulnerability": "VCID-gwrv-agck-yuex" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-jvd7-7jes-4ffn" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-u9b2-qx2j-c7by" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" }, { "vulnerability": "VCID-zx33-nyvt-vbe9" }, { "vulnerability": "VCID-zyw7-c8pt-kqhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.5.4" } ], "aliases": [ "CVE-2012-6685", "GHSA-6wj9-77wq-jq7p", "OSV-90946" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v982-h7ee-qugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51490?format=api", "vulnerability_id": "VCID-wnj6-hc4g-ykfs", "summary": "Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415\n## Summary\n\nNokogiri v1.18.8 upgrades its dependency libxml2 to\n[v2.13.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8).\n\nlibxml2 v2.13.8 addresses:\n\n- CVE-2025-32414\n - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889\n- CVE-2025-32415\n - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890\n\n## Impact\n\n### CVE-2025-32414: No impact\n\nIn libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds\nmemory access can occur in the Python API (Python bindings) because\nof an incorrect return value. This occurs in xmlPythonFileRead and\nxmlPythonFileReadRaw because of a difference between bytes and characters.\n\n**There is no impact** from this CVE for Nokogiri users.\n\n### CVE-2025-32415: Low impact\n\nIn libxml2 before 2.13.8 and 2.14.x before 2.14.2,\nxmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer\nunder-read. To exploit this, a crafted XML document must be validated\nagainst an XML schema with certain identity constraints, or a\ncrafted XML schema must be used.\n\nIn the upstream issue, further context is provided by the maintainer:\n\n> The bug affects validation against untrusted XML Schemas (.xsd)\n> and validation of untrusted documents against trusted Schemas if\n> they make use of xsd:keyref in combination with recursively\n> defined types that have additional identity constraints.\n\nMITRE has published a severity score of 2.9 LOW\n(CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) for this CVE.", "references": [ { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8" }, { "reference_url": "https://github.com/advisories/GHSA-5w6v-399v-w3cc", "reference_id": "GHSA-5w6v-399v-w3cc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5w6v-399v-w3cc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84887?format=api", "purl": "pkg:gem/nokogiri@1.18.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.8" } ], "aliases": [ "GHSA-5w6v-399v-w3cc" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wnj6-hc4g-ykfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44899?format=api", "vulnerability_id": "VCID-yrjg-2aw9-effx", "summary": "Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs\n### Summary\n\nNokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.\n\nlibxml2 v2.10.4 addresses the following known vulnerabilities:\n\n- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic\n- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType\n- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK\n\nPlease note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.14.3`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.\n\n\n### Mitigation\n\nUpgrade to Nokogiri `>= 1.14.3`.\n\nUsers who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.10.4` which will also address these same issues.\n\n\n### Impact\n\nNo public information has yet been published about the security-related issues other than the upstream commits. Examination of those changesets indicate that the more serious issues relate to libxml2 dereferencing NULL pointers and potentially segfaulting while parsing untrusted inputs.\n\nThe commits can be examined at:\n\n- [[CVE-2023-29469] Hashing of empty dict strings isn't deterministic (09a2dd45) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64)\n- [[CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType (647e072e) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f)\n- [schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK (4c6922f7) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6)", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4" }, { "reference_url": "https://github.com/advisories/GHSA-pxvg-2qj5-37jq", "reference_id": "GHSA-pxvg-2qj5-37jq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pxvg-2qj5-37jq" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq", "reference_id": "GHSA-pxvg-2qj5-37jq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64578?format=api", "purl": "pkg:gem/nokogiri@1.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.14.3" } ], "aliases": [ "GHSA-pxvg-2qj5-37jq", "GMS-2023-1115" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjg-2aw9-effx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51448?format=api", "vulnerability_id": "VCID-zx33-nyvt-vbe9", "summary": "Rexical Command Injection Vulnerability\nA command injection vulnerability appears in code generated by the Rexical\ngem versions v1.0.6 and earlier. It allows commands to be executed in a\nsubprocess by Ruby's `Kernel.open` method.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09316", "scoring_system": "epss", "scoring_elements": "0.92907", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5477" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1915", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1915" }, { "reference_url": "https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc" }, { "reference_url": "https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926" }, { "reference_url": "https://hackerone.com/reports/650835", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/650835" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html" }, { "reference_url": "https://security.gentoo.org/glsa/202006-05", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202006-05" }, { "reference_url": "https://usn.ubuntu.com/4175-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4175-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802", "reference_id": "934802", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905", "reference_id": "940905", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5477", "reference_id": "CVE-2019-5477", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5477" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57780?format=api", "purl": "pkg:gem/nokogiri@1.10.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sh8-bsk3-auct" }, { "vulnerability": "VCID-2r85-egs8-4be3" }, { "vulnerability": "VCID-5xuf-r7bj-33fa" }, { "vulnerability": "VCID-chdv-jk6d-uuga" }, { "vulnerability": "VCID-d13x-y75t-2ugx" }, { "vulnerability": "VCID-jxz3-ug52-cuhn" }, { "vulnerability": "VCID-p6m6-7kgc-y3g8" }, { "vulnerability": "VCID-pb6j-zdqw-g7cj" }, { "vulnerability": "VCID-pr2j-1118-hqaa" }, { "vulnerability": "VCID-q3td-7t4g-57ba" }, { "vulnerability": "VCID-qkq6-n1ds-x7e5" }, { "vulnerability": "VCID-uk9u-nn9a-4yes" }, { "vulnerability": "VCID-wnj6-hc4g-ykfs" }, { "vulnerability": "VCID-yrjg-2aw9-effx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4" } ], "aliases": [ "CVE-2019-5477", "GHSA-cr5j-953j-xw5p" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zx33-nyvt-vbe9" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.4.3" }