Lucene search

FreeBSD13C54E6D-5C45-11EB-B4E2-001B217B3468

HistoryJan 22, 2021 - 12:00 a.m.

nokogiri -- Security vulnerability

2021-01-2200:00:00

vuxml.freebsd.org

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

Nokogiri reports:

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrubygem-nokogiri< 1.11.0.rc3UNKNOWN
FreeBSDanynoarchrubygem-nokogiri18< 1.11.0.rc3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	rubygem-nokogiri	< 1.11.0.rc3	UNKNOWN
FreeBSD	any	noarch	rubygem-nokogiri18	< 1.11.0.rc3	UNKNOWN

References

nokogiri.org/CHANGELOG.html

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for 13C54E6D-5C45-11EB-B4E2-001B217B3468