15 matches found
CVE-2026-57234
A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...
EUVD-2026-39421
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...
CVE-2026-57234
Nokogiri (Ruby) prior to 1.19.4 has a vulnerability in the JRuby implementation of the NONET option for Nokogiri::XML::Schema, where default options could trigger network fetches for external resources, enabling SSRF or XXE. The issue is tied to the NONET behavior set by default for schema parsin...
CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...
GHSA-8678-W3JW-XFC2 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
Summary The NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potential...
Malicious code in test-mlw2-urial-nonet (npm)
The package test-mlw2-urial-nonet was found to contain malicious code...
Malicious code in @malware-test-nonet-mayst-dusky-seels/test-mlw3-nonet-mayst-dusky-seels (npm)
The package @malware-test-nonet-mayst-dusky-seels/test-mlw3-nonet-mayst-dusky-seels was found to contain malicious code...
MAL-2025-36551 Malicious code in test-mlw2-urial-nonet (npm)
The package test-mlw2-urial-nonet was found to contain malicious code...
CVE-2008-7303
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script...
Debian: Security Advisory (DLA-229-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
XML External Entity (XXE) Via Libxml2
nokogiri is using libxml2 library which is vulnerable to the CVE-2016-9318. The vulnerability is only possible when applications using nokogiri 1.5.4 and later do not opt into the DTDLOAD option and opt out of the NONET option. The default setting in nokogiri does not use both DTD loading and...
XML External Entity (XXE) Injection
Overview nokogiri is an HTML, XML, SAX, and Reader parser, with the ability to search documents via XPath or CSS3 selectors. Affected versions of this Gem are vulnerable to XML External Entity XXE attacks. Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are librari...
Debian DLA-229-1 : libnokogiri-ruby security update
An XML eXternal Entity XXE flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause a connection to that URL to be opened. This update enables the 'nonet'...
[SECURITY] [DLA 229-1] libnokogiri-ruby security update
Package : libnokogiri-ruby Version : 1.4.0-4+deb6u1 CVE ID : CVE-2012-6685 An XML eXternal Entity XXE flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause...
DLA-229-1 libnokogiri-ruby - security update
Bulletin has no description...