This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

Nokogiri subject to DoS via libxml2 vulnerability #8

Open
sniffler-app bot opened this issue Apr 15, 2023 · 0 comments

sniffler-app bot commented Apr 15, 2023

Description

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 (as used in nokogiri before 1.6.7.1) does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

Information

Manifest Path: Gemfile.lock

Please look at the Dependabot report: https://github.com/swipely/reinvent-demo/security/dependabot/26
