libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Published: February 12, 2020
SECURITY IDENTIFIERS
- CVE: CVE-2020-7595 (NVD)
- GHSA: GHSA-7553-jr98-vx47
- Vendor Advisory: https://github.com/sparklemotion/nokogiri/issues/1992
GEM
SEVERITY
PATCHED VERSIONS
>= 1.10.8
DESCRIPTION
Nokogiri has backported the patch for CVE-2020-7595 into its vendored version of libxml2 and released this as v1.10.8.
CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and so Nokogiri versions <= v1.10.7 are vulnerable.
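
A lockfile check for the patched-version boundary above, as an added example that is not part of the advisory or of Nokogiri's own code: it parses Gemfile.lock text and reports every resolved nokogiri entry older than 1.10.8. The function and constant names are illustrative, and the sample lockfile is constructed.

```ruby
require "rubygems" # Gem::Version ships with Ruby

# First Nokogiri release with the backported CVE-2020-7595 fix, per the advisory.
PATCHED_NOKOGIRI = Gem::Version.new("1.10.8")

# Resolved gems sit at exactly four spaces of indentation in Gemfile.lock;
# dependency constraints of other gems are indented six and are ignored.
SPEC_LINE = /\A {4}nokogiri \(([^)\s]+)\)\s*\z/

# Returns one hash per resolved nokogiri entry older than PATCHED_NOKOGIRI.
# Multi-platform lockfiles list the gem once per platform ("1.10.7-x64-mingw32"),
# so every entry is checked, not just the first.
def vulnerable_nokogiri_entries(lockfile_text)
  lockfile_text.each_line.map do |line|
    match = SPEC_LINE.match(line.chomp)
    next unless match
    version, platform = match[1].split("-", 2)
    next unless Gem::Version.correct?(version)
    next if Gem::Version.new(version) >= PATCHED_NOKOGIRI
    { version: version, platform: platform || "ruby" }
  end.compact
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.4.0)
      nokogiri (1.10.7)
        mini_portile2 (~> 2.4.0)
      nokogiri (1.10.7-x64-mingw32)
      rails-dom-testing (2.0.3)
        nokogiri (>= 1.6)

  PLATFORMS
    ruby
    x64-mingw32

  DEPENDENCIES
    nokogiri
LOCK

if __FILE__ == $PROGRAM_NAME
  vulnerable_nokogiri_entries(SAMPLE_LOCK).each do |e|
    puts "nokogiri #{e[:version]} (#{e[:platform]}) predates #{PATCHED_NOKOGIRI}"
  end
end
```

The check is by gem version only; an install built against a system libxml2 rather than the vendored copy depends on that library's own patch level.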
