Package details: pkg:gem/nokogiri@1.6
purl pkg:gem/nokogiri@1.6
Tags Ghost
Next non-vulnerable version 1.18.8
Latest non-vulnerable version 1.18.8
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-7wfq-9aqq-aaam
Aliases:
CVE-2013-6460
GHSA-62qp-3fxm-9wxf
OSV-101179
Memory Exhaustion Vulnerability when using JRuby. Attackers can send carefully crafted XML documents that cause the XML processor to enter an infinite loop, causing the server to run out of memory and crash. Impacted code will look something like this: `doc = Nokogiri.XML(untrusted_input)`.
1.6.1
Affected by 58 other vulnerabilities.
VCID-tb2b-6fm6-aaaq
Aliases:
CVE-2013-6461
GHSA-jmhh-w7xp-wg39
OSV-101458
Entity Expansion Vulnerability when using JRuby. An error when parsing XML entities can be exploited to exhaust memory and cause the server to crash via a specially crafted XML document including external entity references. Impacted code will look something like this: `doc = Nokogiri.XML(untrusted_input)`.
1.6.1
Affected by 58 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-18T08:44:08.934127+00:00 Ruby Importer Affected by VCID-tb2b-6fm6-aaaq https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml 34.0.1
2024-09-18T08:44:08.852660+00:00 Ruby Importer Affected by VCID-7wfq-9aqq-aaam https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml 34.0.1
2024-09-17T22:47:39.217773+00:00 GitLab Importer Affected by VCID-tb2b-6fm6-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/CVE-2013-6461.yml 34.0.1
2024-09-17T22:47:38.995188+00:00 GitLab Importer Affected by VCID-7wfq-9aqq-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/CVE-2013-6460.yml 34.0.1
2024-04-23T22:45:12.170121+00:00 Ruby Importer Affected by VCID-tb2b-6fm6-aaaq https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml 34.0.0rc4
2024-04-23T22:45:12.103146+00:00 Ruby Importer Affected by VCID-7wfq-9aqq-aaam https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml 34.0.0rc4
2024-01-03T18:08:44.674300+00:00 GitLab Importer Affected by VCID-tb2b-6fm6-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/CVE-2013-6461.yml 34.0.0rc1
2024-01-03T18:08:44.489398+00:00 GitLab Importer Affected by VCID-7wfq-9aqq-aaam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/CVE-2013-6460.yml 34.0.0rc1