
High severity vulnerability that affects nokogiri

Description

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 (as used in nokogiri before 1.6.7.1) does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.


Affected Software


Name Version
nokogiri 1.6.0
nokogiri 1.6.1
nokogiri 1.6.2
nokogiri 1.6.2.1
nokogiri 1.6.2.rc1
nokogiri 1.6.2.rc2
nokogiri 1.6.2.rc3
nokogiri 1.6.3
nokogiri 1.6.3.1
nokogiri 1.6.3.rc1
nokogiri 1.6.3.rc2
nokogiri 1.6.3.rc3
nokogiri 1.6.4
nokogiri 1.6.4.1
nokogiri 1.6.5
nokogiri 1.6.6.1
nokogiri 1.6.6.2
nokogiri 1.6.6.3
nokogiri 1.6.6.4
nokogiri 1.6.7
nokogiri 1.6.7.rc2
nokogiri 1.6.7.rc3
nokogiri 1.6.7.rc4
