Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
References
Configurations
History
No history.
Information
Published : 2022-05-20 19:15
Updated : 2024-11-21 06:58
NVD link : CVE-2022-29181
Mitre link : CVE-2022-29181
CVE.ORG link : CVE-2022-29181
JSON object : View
Products Affected
nokogiri
- nokogiri
apple
- macos