VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-duvb-k7ce-aaar

Essentials
Severities (118)
References (21)
Severity details (38)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-duvb-k7ce-aaar
Aliases	CVE-2022-29181 GHSA-xh29-r2w5-wx8m
Summary	Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-241	Improper Handling of Unexpected Data Type
CWE-843	Access of Resource Using Incompatible Type ('Type Confusion')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	8.2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
epss	0.00284	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00284	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00330	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00330	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.00368	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.01722	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.02075	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.02075	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.02075	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.02075	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.02432	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.02432	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.02498	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.03001	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.03001	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.03001	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.03001	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.0432	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.05753	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.05753	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.05753	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.05753	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.05753	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.05753	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.05753	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.05753	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss	0.06955	https://api.first.org/data/v1/epss?cve=CVE-2022-29181
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=2088684
cvssv3.1	8.2	http://seclists.org/fulldisclosure/2022/Dec/23
generic_textual	HIGH	http://seclists.org/fulldisclosure/2022/Dec/23
ssvc	Track	http://seclists.org/fulldisclosure/2022/Dec/23
cvssv3.1	7.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-xh29-r2w5-wx8m
cvssv3.1	8.2	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
generic_textual	HIGH	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
cvssv3.1	8.2	https://github.com/sparklemotion/nokogiri
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri
cvssv3.1	8.2	https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
ssvc	Track	https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
cvssv3.1	8.2	https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
ssvc	Track	https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
cvssv3.1	8.2	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
ssvc	Track	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
cvssv3	8.2	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
cvssv3.1	8.2	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
cvssv3.1_qr	HIGH	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
generic_textual	HIGH	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
ssvc	Track	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
cvssv2	6.4	https://nvd.nist.gov/vuln/detail/CVE-2022-29181
cvssv3	8.2	https://nvd.nist.gov/vuln/detail/CVE-2022-29181
cvssv3.1	8.2	https://nvd.nist.gov/vuln/detail/CVE-2022-29181
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-29181
cvssv3.1	8.2	https://security.gentoo.org/glsa/202208-29
generic_textual	HIGH	https://security.gentoo.org/glsa/202208-29
ssvc	Track	https://security.gentoo.org/glsa/202208-29
cvssv3.1	8.2	https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
generic_textual	HIGH	https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
ssvc	Track	https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
cvssv3.1	8.2	https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/
ssvc	Track	https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/
cvssv3.1	8.2	https://support.apple.com/kb/HT213532
generic_textual	HIGH	https://support.apple.com/kb/HT213532
ssvc	Track	https://support.apple.com/kb/HT213532

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-29181
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
		http://seclists.org/fulldisclosure/2022/Dec/23
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/sparklemotion/nokogiri
		https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
		https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
		https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
		https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
		https://security.gentoo.org/glsa/202208-29
		https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
		https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/
		https://support.apple.com/kb/HT213532
2088684		https://bugzilla.redhat.com/show_bug.cgi?id=2088684
cpe:2.3:a:nokogiri:nokogiri::::::ruby::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri::::::ruby::*
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
CVE-2022-29181		https://nvd.nist.gov/vuln/detail/CVE-2022-29181
CVE-2022-29181.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
GHSA-xh29-r2w5-wx8m		https://github.com/advisories/GHSA-xh29-r2w5-wx8m
RHSA-2022:8506		https://access.redhat.com/errata/RHSA-2022:8506

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/Dec/23

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at http://seclists.org/fulldisclosure/2022/Dec/23

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29181

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29181

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29181

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://security.gentoo.org/glsa/202208-29

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://security.gentoo.org/glsa/202208-29

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://support.apple.com/kb/HT213532

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://support.apple.com/kb/HT213532

Exploit Prediction Scoring System (EPSS)

Percentile	0.68211
EPSS Score	0.00284
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.