{"url":"http://public2.vulnerablecode.io/api/packages/51687?format=json","purl":"pkg:gem/nokogiri@1.1.28","type":"gem","namespace":"","name":"nokogiri","version":"1.1.28","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.19.3","latest_non_vulnerable_version":"1.19.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10946?format=json","vulnerability_id":"VCID-vy1s-s9ff-6yhy","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nnokogiri mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.","references":[{"reference_url":"http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html","reference_id":"","reference_type":"","scores":[],"url":"http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1683","reference_id":"","reference_type":"","scores":[{"value":"0.00989","scoring_system":"epss","scoring_elements":"0.77167","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1683"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340016","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340016"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1683","reference_id":"CVE-2016-1683","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1683"},{"reference_url":"https://security.gentoo.org/glsa/201607-07","reference_id":"GLSA-201607-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-07"},{"reference_url":"https://usn.ubuntu.com/2992-1/","reference_id":"USN-2992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2992-1/"},{"reference_url":"https://usn.ubuntu.com/3271-1/","reference_id":"USN-3271-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3271-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51688?format=json","purl":"pkg:gem/nokogiri@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12ee-na2t-6kg5"},{"vulnerability":"VCID-1h5h-pvc7-9yhh"},{"vulnerability":"VCID-1ks1-3a4g-eqe7"},{"vulnerability":"VCID-1ksa-wbqf-j7fu"},{"vulnerability":"VCID-24ud-18pe-dudw"},{"vulnerability":"VCID-2ub7-t6nu-syfs"},{"vulnerability":"VCID-38c3-z9yc-4ybx"},{"vulnerability":"VCID-4yvf-h1z3-nfd7"},{"vulnerability":"VCID-5wxq-ekcv-vqhq"},{"vulnerability":"VCID-6b72-3exf-qfhs"},{"vulnerability":"VCID-8274-u9e9-uufm"},{"vulnerability":"VCID-94b6-kg9t-fbee"},{"vulnerability":"VCID-94mh-kks8-4yf4"},{"vulnerability":"VCID-9mh9-rax2-1bbb"},{"vulnerability":"VCID-9psz-qfqt-e3fs"},{"vulnerability":"VCID-9qtg-gxza-6ba9"},{"vulnerability":"VCID-9xty-6acy-mub7"},{"vulnerability":"VCID-ajrr-ueqy-2bam"},{"vulnerability":"VCID-arq2-c738-tugt"},{"vulnerability":"VCID-bj99-tt95-63ak"},{"vulnerability":"VCID-cft6-gvm9-8qf4"},{"vulnerability":"VCID-cq5z-6cmf-5kfs"},{"vulnerability":"VCID-e37h-xnn4-hbcn"},{"vulnerability":"VCID-f91q-9psx-qkaa"},{"vulnerability":"VCID-g5sw-gyv7-vya1"},{"vulnerability":"VCID-gpcm-1wx2-guhq"},{"vulnerability":"VCID-hmj1-53pj-2ugn"},{"vulnerability":"VCID-jjqw-bevm-f7b2"},{"vulnerability":"VCID-jn4q-gdy9-eqa4"},{"vulnerability":"VCID-jvbh-pnxm-9bg7"},{"vulnerability":"VCID-jwaq-3j9v-nbde"},{"vulnerability":"VCID-ktaj-j2nh-zug6"},{"vulnerability":"VCID-kzy6-b4n3-m7d4"},{"vulnerability":"VCID-m542-6h3p-gudj"},{"vulnerability":"VCID-mhpn-9y7w-ykcd"},{"vulnerability":"VCID-p1yd-qud5-ckbu"},{"vulnerability":"VCID-pffr-3a27-4qgx"},{"vulnerability":"VCID-pjeb-1jpy-kkea"},{"vulnerability":"VCID-pzwn-gux6-y3hj"},{"vulnerability":"VCID-qysn-w1za-83ea"},{"vulnerability":"VCID-sgvg-768f-gybf"},{"vulnerability":"VCID-snqn-nz53-f3b7"},{"vulnerability":"VCID-tdsp-x2ft-1yfy"},{"vulnerability":"VCID-tswn-2k3y-wkhk"},{"vulnerability":"VCID-uud6-jbnt-dkhb"},{"vulnerability":"VCID-vkzp-3xvx-zfby"},{"vulnerability":"VCID-vsfg-94ug-vydr"},{"vulnerability":"VCID-w6ws-2kbb-bfgs"},{"vulnerability":"VCID-ykfz-evfp-uyhw"},{"vulnerability":"VCID-zka7-1e8v-d3d7"},{"vulnerability":"VCID-zqnw-e1eq-dqbv"},{"vulnerability":"VCID-zuw7-d1r3-77h1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.2.0"}],"aliases":["CVE-2016-1683"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vy1s-s9ff-6yhy"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.1.28"}