This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

Nokogiri lacked integer overflow checks #5

Open
sniffler-app bot opened this issue Apr 15, 2023 · 0 comments

Comments

sniffler-app bot commented Apr 15, 2023

Description

The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Nokogiri prior to 1.7.2, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.

Information

Manifest Path: Gemfile.lock

Please look at the Dependabot report: https://github.com/swipely/reinvent-demo/security/dependabot/23
