Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/nokogiri@1.6.8

Type gem

Namespace

Name nokogiri

Version 1.6.8

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.7.1

Latest_non_vulnerable_version 1.19.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-egft-crba-6ubx

vulnerability_id VCID-egft-crba-6ubx

summary

Uncontrolled Resource Consumption
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

references

reference_url	https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028

reference_url	https://github.com/sparklemotion/nokogiri/issues/1473
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/issues/1473

reference_url	https://mail.gnome.org/archives/xml/2016-May/msg00023.html
reference_id
reference_type
scores
url	https://mail.gnome.org/archives/xml/2016-May/msg00023.html

reference_url	http://www.ubuntu.com/usn/usn-2994-1/
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-2994-1/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-8806
reference_id	CVE-2015-8806
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-8806

fixed_packages

url	pkg:gem/nokogiri@1.6.8
purl	pkg:gem/nokogiri@1.6.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8

aliases CVE-2015-8806

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egft-crba-6ubx

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8

Package Instance