Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 9:31 p.m.9 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

4.8CVSS5.6AI score0.00166EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 2:30 p.m.5 views

EUVD-2026-39421

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:30 p.m.30 views

CVE-2026-57234

Nokogiri (Ruby) prior to 1.19.4 has a vulnerability in the JRuby implementation of the NONET option for Nokogiri::XML::Schema, where default options could trigger network fetches for external resources, enabling SSRF or XXE. The issue is tied to the NONET behavior set by default for schema parsin...

2.6CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 2:30 p.m.34 views

CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 4:36 p.m.6 views

GHSA-8678-W3JW-XFC2 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Summary The NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potential...

2.6CVSS6AI score0.00166EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.2 views

Malicious code in test-mlw2-urial-nonet (npm)

The package test-mlw2-urial-nonet was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in @malware-test-nonet-mayst-dusky-seels/test-mlw3-nonet-mayst-dusky-seels (npm)

The package @malware-test-nonet-mayst-dusky-seels/test-mlw3-nonet-mayst-dusky-seels was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-36551 Malicious code in test-mlw2-urial-nonet (npm)

The package test-mlw2-urial-nonet was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/21 6:28 p.m.14 views

CVE-2008-7303

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script...

7.6CVSS6.7AI score0.03537EPSS
Exploits12References1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.16 views

Debian: Security Advisory (DLA-229-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.02168EPSS
Exploits1References2
Veracode
Veracode
added 2017/02/23 6:14 a.m.34 views

XML External Entity (XXE) Via Libxml2

nokogiri is using libxml2 library which is vulnerable to the CVE-2016-9318. The vulnerability is only possible when applications using nokogiri 1.5.4 and later do not opt into the DTDLOAD option and opt out of the NONET option. The default setting in nokogiri does not use both DTD loading and...

6.3AI score0.02938EPSS
Exploits1
Snyk
Snyk
added 2017/01/11 9:0 p.m.3 views

XML External Entity (XXE) Injection

Overview nokogiri is an HTML, XML, SAX, and Reader parser, with the ability to search documents via XPath or CSS3 selectors. Affected versions of this Gem are vulnerable to XML External Entity XXE attacks. Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are librari...

8.6CVSS9.4AI score0.02938EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2015/05/28 12:0 a.m.36 views

Debian DLA-229-1 : libnokogiri-ruby security update

An XML eXternal Entity XXE flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause a connection to that URL to be opened. This update enables the 'nonet'...

7.5CVSS6.4AI score0.02168EPSS
Exploits1References3
Debian
Debian
added 2015/05/27 6:3 p.m.29 views

[SECURITY] [DLA 229-1] libnokogiri-ruby security update

Package : libnokogiri-ruby Version : 1.4.0-4+deb6u1 CVE ID : CVE-2012-6685 An XML eXternal Entity XXE flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause...

7.5CVSS6.7AI score0.02168EPSS
Exploits1
OSV
OSV
added 2015/05/27 12:0 a.m.31 views

DLA-229-1 libnokogiri-ruby - security update

Bulletin has no description...

7.5CVSS7.5AI score0.02168EPSS
Exploits1
Rows per page
Query Builder