logo
DATABASE RESOURCES PRICING ABOUT US

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation

Description

Nokogiri has backported the patch for CVE-2020-7595 into its vendored version of libxml2, and released this as v1.10.8 CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and so Nokogiri versions <= v1.10.7 are vulnerable.


Affected Software


CPE Name Name Version
nokogiri 1.10.8

Related