RubySec

Providing security resources for the Ruby community

CVE-2012-6685 (nokogiri): CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flaw

ADVISORIES

GEM

nokogiri

SEVERITY

CVSS v3.x: 7.5 (High)

CVSS v2.0: 5.0 (Medium)

PATCHED VERSIONS

  • >= 1.5.4

DESCRIPTION

Nokogiri before 1.5.4 is vulnerable to XXE attacks

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories