Lucene search
GitHub Advisory DatabaseGHSA-R3W4-36X6-7R99HistoryMay 14, 2024 - 10:30 p.m.
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
2024-05-1422:30:45
CWE-119
GitHub Advisory Database
github.com
7
nokogiri
libxml2
update
cve-2024-34459
security
release
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-r95h-9x8f-r3f7. This link is maintained to preserve external references.
Original Description
Summary
Nokogiri v1.16.5 upgrades its dependency libxml2 to
2.12.7 from 2.12.6.
libxml2 v2.12.7 addresses CVE-2024-34459:
- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
Impact
There is no impact to Nokogiri users because the issue is present only
in libxml2’s xmllint tool which Nokogiri does not provide or expose.
Timeline
- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced
- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage
- 2024-05-13 10:05 EDT, nokogiri v1.16.5 is released
and this GHSA made public
Affected configurations
Node
nokogirinokogiriRange<1.16.5
Related
alpinelinux
alpinelinux
CVE-2024-34459
2024-05-14 15:39:11
osv
osv
CVE-2024-34459
2024-05-14 15:39:11
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
2024-05-13 16:05:42
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
2024-05-14 22:30:45
github
github
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
2024-05-13 16:05:42
cve
cve
CVE-2024-34459
2024-05-14 15:39:11
cvelist
cvelist
CVE-2024-34459
2024-05-13 00:00:00
nessus
nessus
Fedora 40 : mingw-libxml2 (2024-9ffc6cc7bf)
2024-05-25 00:00:00
Fedora 40 : libxml2 (2024-08e01e9f2f)
2024-05-23 00:00:00
Fedora 39 : mingw-libxml2 (2024-4862425658)
2024-05-25 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0211)
2024-06-07 00:00:00
Fedora: Security Advisory for mingw-libxml2 (FEDORA-2024-9ffc6cc7bf)
2024-05-27 00:00:00
Fedora: Security Advisory for libxml2 (FEDORA-2024-08e01e9f2f)
2024-05-27 00:00:00
ubuntucve
ubuntucve
CVE-2024-34459
2024-05-14 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: libxml2-2.12.7-1.fc40
2024-05-23 01:09:33
[SECURITY] Fedora 39 Update: mingw-libxml2-2.12.7-1.fc39
2024-05-25 01:11:40
[SECURITY] Fedora 40 Update: mingw-libxml2-2.12.7-1.fc40
2024-05-25 01:05:16
nvd
nvd
CVE-2024-34459
2024-05-14 15:39:11
mageia
mageia
Updated libxml2 packages fix security vulnerability
2024-06-06 18:48:22
veracode
veracode
Buffer Over-read
2024-05-14 06:30:26
redhatcve
redhatcve
CVE-2024-34459
2024-05-15 06:29:32
cbl_mariner
cbl_mariner
CVE-2024-34459 affecting package libxml2 for versions less than 2.10.4-3
2024-06-12 22:23:00
debiancve
debiancve
CVE-2024-34459
2024-05-14 15:39:11
slackware
slackware
[slackware-security] libxml2
2024-05-13 18:25:17