VulnerableCode Package Details - pkg:gem/nokogiri@1.6.7.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-h12s-4b71-ekev Aliases: CVE-2015-5312 GHSA-xjqg-9jvg-fgx2	Nokogiri gem contains several vulnerabilities in libxml2 Nokogiri version 1.6.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2015-5312 CVSS v2 Base Score: 7.1 (HIGH) The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. CVE-2015-7497 CVSS v2 Base Score: 5.0 (MEDIUM) Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. CVE-2015-7498 CVSS v2 Base Score: 5.0 (MEDIUM) Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. CVE-2015-7499 CVSS v2 Base Score: 5.0 (MEDIUM) Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. CVE-2015-7500 CVSS v2 Base Score: 5.0 (MEDIUM) The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. CVE-2015-8241 CVSS v2 Base Score: 6.4 (MEDIUM) The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVE-2015-8242 CVSS v2 Base Score: 5.8 (MEDIUM) The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVE-2015-8317 CVSS v2 Base Score: 5.0 (MEDIUM) The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.	1.6.7.1 Affected by 46 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-h12s-4b71-ekev
Aliases:
CVE-2015-5312
GHSA-xjqg-9jvg-fgx2

Nokogiri gem contains several vulnerabilities in libxml2 Nokogiri version 1.6.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2015-5312 CVSS v2 Base Score: 7.1 (HIGH) The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. CVE-2015-7497 CVSS v2 Base Score: 5.0 (MEDIUM) Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. CVE-2015-7498 CVSS v2 Base Score: 5.0 (MEDIUM) Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. CVE-2015-7499 CVSS v2 Base Score: 5.0 (MEDIUM) Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. CVE-2015-7500 CVSS v2 Base Score: 5.0 (MEDIUM) The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. CVE-2015-8241 CVSS v2 Base Score: 6.4 (MEDIUM) The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVE-2015-8242 CVSS v2 Base Score: 5.8 (MEDIUM) The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVE-2015-8317 CVSS v2 Base Score: 5.0 (MEDIUM) The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

1.6.7.1
Affected by 46 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T12:27:25.286731+00:00	GHSA Importer	Affected by	VCID-h12s-4b71-ekev	https://github.com/advisories/GHSA-xjqg-9jvg-fgx2	37.0.0

2025-07-31T12:27:25.286731+00:00

GHSA Importer

Affected by

VCID-h12s-4b71-ekev

https://github.com/advisories/GHSA-xjqg-9jvg-fgx2

37.0.0

purl	pkg:gem/nokogiri@1.6.7.0
Tags	Ghost

Next non-vulnerable version	1.18.9
Latest non-vulnerable version	1.18.9
Risk	4.0