Search for packages
| purl | pkg:deb/debian/nekohtml@1.9.22-1.1 |
| Next non-vulnerable version | 1.9.22.noko2-0.1 |
| Latest non-vulnerable version | 1.9.22.noko2-0.1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-68me-whtg-cybp
Aliases: CVE-2022-24839 GHSA-9849-p7jc-9rmv GHSA-gx8x-g87m-h5q6 GMS-2022-786 |
Denial of Service (DoS) in Nokogiri on JRuby ## Summary Nokogiri `v1.13.4` updates the vendored `org.cyberneko.html` library to `1.9.22.noko2` which addresses [CVE-2022-24839](https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv). That CVE is rated 7.5 (High Severity). See [GHSA-9849-p7jc-9rmv](https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv) for more information. Please note that this advisory only applies to the **JRuby** implementation of Nokogiri `< 1.13.4`. ## Mitigation Upgrade to Nokogiri `>= 1.13.4`. ## Impact ### [CVE-2022-24839](https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv) in nekohtml - **Severity**: High 7.5 - **Type**: [CWE-400](https://cwe.mitre.org/data/definitions/400.html) Uncontrolled Resource Consumption - **Description**: The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. - **See also**: [GHSA-9849-p7jc-9rmv](https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv) |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T13:17:32.859120+00:00 | Debian Importer | Affected by | VCID-68me-whtg-cybp | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |