7 matches found

Cvelist
added 2026/06/25 2:30 p.m. | 33 views

CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

CVSS 2.6 | EPSS 0.00166
Exploits 0 | References 1
CVE
added 2026/06/25 2:30 p.m. | 24 views

CVE-2026-57234

Nokogiri (Ruby) prior to 1.19.4 has a vulnerability in the JRuby implementation of the NONET option for Nokogiri::XML::Schema, where default options could trigger network fetches for external resources, enabling SSRF or XXE. The issue is tied to the NONET behavior set by default for schema parsin...

CVSS 2.6 | AI score 5.8 | EPSS 0.00166
Exploits 0 | References 1 | Affected Software 1
OpenVAS
added 2023/03/08 12:0 a.m. | 15 views

Debian: Security Advisory (DLA-229-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.02115
Exploits 1 | References 2
Snyk
added 2017/01/11 9:0 p.m. | 3 views

XML External Entity (XXE) Injection

Overview: nokogiri is an HTML, XML, SAX, and Reader parser, with the ability to search documents via XPath or CSS3 selectors. Affected versions of this Gem are vulnerable to XML External Entity (XXE) attacks. Nokogiri is affected by a series of vulnerabilities in libxml2 and libxslt, which are librari...

CVSS 8.6 | AI score 9.4 | EPSS 0.02938
Exploits 1 | References 2
Tenable Nessus
added 2015/05/28 12:0 a.m. | 36 views

Debian DLA-229-1 : libnokogiri-ruby security update

An XML eXternal Entity (XXE) flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause a connection to that URL to be opened. This update enables the 'nonet'...

CVSS 7.5 | AI score 6.4 | EPSS 0.02115
Exploits 1 | References 3
Debian
added 2015/05/27 6:3 p.m. | 27 views

[SECURITY] [DLA 229-1] libnokogiri-ruby security update

Package : libnokogiri-ruby
Version : 1.4.0-4+deb6u1
CVE ID : CVE-2012-6685

An XML eXternal Entity (XXE) flaw was found in Nokogiri, a Ruby gem for parsing HTML, XML, and SAX. Using external XML entities, a remote attacker could specify a URL in a specially crafted XML that, when parsed, would cause...

CVSS 7.5 | AI score 6.7 | EPSS 0.02115
Exploits 1
OSV
added 2015/05/27 12:0 a.m. | 30 views

DLA-229-1 libnokogiri-ruby - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.5 | EPSS 0.02115
Exploits 1