Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: nokogiri
date: 2018-01-29
url: https://github.com/sparklemotion/nokogiri/issues/1714
cve: 2017-15412
title: Nokogiri gem, via libxml, is affected by DoS vulnerabilities
description: |
  The version of libxml2 packaged with Nokogiri contains a
  vulnerability. Nokogiri has mitigated this issue by upgrading to
  libxml 2.9.6.

  It was discovered that libxml2 incorrectly handled certain files. An attacker
  could use this issue with specially constructed XML data to cause libxml2 to
  consume resources, leading to a denial of service.
patched_versions:
- ">= 1.8.2"
related:
  cve: '["2017-18258"]'
  url: '["https://usn.ubuntu.com/usn/usn-3513-1/", "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html"]'