Lucene search
+L

4 matches found

cve
cve
added 2026/06/25 2:34 p.m.19 views

CVE-2026-57437

Nokogiri (Ruby) vulnerable in versions prior to 1.19.4 due to Nokogiri::XML::XPathContext not keeping the source document alive for GC. If an XPathContext outlives its document and the document is collected, evaluating an XPath expression could read invalid memory and potentially segfault. This i...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/25 2:34 p.m.37 views

CVE-2026-57437 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS0.00312EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/06/25 2:34 p.m.8 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.8AI score0.00312EPSS
Exploits0References1
osv
osv
added 2026/06/19 4:37 p.m.9 views

GHSA-P67V-3W7G-WJG7 Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime

Summary Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application co...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References2
Rows per page
Query Builder