Updated ruby-nokogiri packages fix security vulnerabilities

🗓️ 04 Feb 2021 13:40:24Reported by Gentoo FoundationType

mageia

mageia🔗 advisories.mageia.org👁 57 Views

Security vulnerabilities in Nokogiri v1.10.3 and earlier patched in updated ruby-nokogiri v1.10.1

Reporter	Title	Published	Views	Family All 167
FreeBSD	Nokogiri -- injection vulnerability	11 Aug 201900:00	–	freebsd
FreeBSD	nokogiri -- Security vulnerability	22 Jan 202100:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9.	17 Dec 201916:14	–	ibm
AlpineLinux	CVE-2019-5477	16 Aug 201900:00	–	alpinelinux
AlpineLinux	CVE-2020-26247	30 Dec 202000:00	–	alpinelinux
AstraLinux	Astra Linux – Vulnerability in Ruby-Nokogiri	3 May 202623:59	–	astralinux
AstraLinux	Astra Linux - уязвимость в ruby-nokogiri	20 May 202605:53	–	astralinux
BDU FSTEC	The vulnerability of the Nokogiri software library, related to the lack of data cleaning at the control level, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.	10 Apr 202000:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Nokogiri library lies in the improper limitation of XML links to external objects, which allows attackers to perform SSRF attacks or XXE attacks.	2 Mar 202100:00	–	bdu_fstec
Circl	CVE-2019-5477	13 Oct 202509:10	–	circl

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	7	any	ruby-nokogiri	1.10.10-1	ruby-nokogiri-1.10.10-1.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
github	www.github.com/sparklemotion/nokogiri/releases/
lists	www.lists.suse.com/pipermail/sle-security-updates/2021-January/008244.html

04 Feb 2021 13:40Current

8High risk

Vulners AI Score8

CVSS 27.5

CVSS 3.12.6 - 9.8

EPSS0.05899

nokogiri command injection xxe vulnerability xml schemas cve-2019-5477 cve-2020-26247 security patch