openSUSE Security Update : rubygem-nokogiri (openSUSE-2021-237)
This update for rubygem-nokogiri fixes the following issues: rubygem-nokogiri was updated to 1.8.5 (bsc#1156722). Security issues fixed: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). This update...
OPENSUSE-SU-2021:0237-1 Security update for rubygem-nokogiri
This update for rubygem-nokogiri fixes the following issues: rubygem-nokogiri was updated to 1.8.5 (bsc#1156722). Security issues fixed: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507). This update...
Security update for rubygem-nokogiri (important)
openSUSE Security Update: Security update for rubygem-nokogiri Announcement ID: openSUSE-SU-2021:0237-1 Rating: important References: 1146578 1156722 1180507 Cross-References: CVE-2019-5477 CVE-2020-26247 Affected Products: openSUSE Leap 15.2 An update that solves two vulnerabilities and has one...
SUSE-SU-2021:0251-1 Security update for rubygem-nokogiri
This update for rubygem-nokogiri fixes the following issues: rubygem-nokogiri was updated to 1.8.5 (bsc#1156722). Security issues fixed: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507)...
SUSE-SU-2021:0210-1 Security update for rubygem-nokogiri
This update for rubygem-nokogiri fixes the following issues: - CVE-2019-5477: Fixed a command injection vulnerability (bsc#1146578). - CVE-2020-26247: Fixed an XXE vulnerability in Nokogiri::XML::Schema (bsc#1180507)...
SUSE-SU-2021:0115-1 Security update for rubygem-archive-tar-minitar
This update for rubygem-archive-tar-minitar fixes one security issue: - CVE-2016-10173: Archives with files containing '..' in the extracted filename could have been used to overwrite arbitrary files (bsc#1021740)...
Fedora 33 : rubygem-em-http-request (2020-8ccd750904)
Security fix for CVE-2020-13482. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network...
Fedora 32 : rubygem-em-http-request (2020-117f1b67fb)
Security fix for CVE-2020-13482. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network...
Fedora: Security Advisory for rubygem-em-http-request (FEDORA-2020-117f1b67fb)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: rubygem-em-http-request-1.1.7-1.fc33
EventMachine based, async HTTP Request client...
[SECURITY] Fedora 32 Update: rubygem-em-http-request-1.1.7-1.fc32
EventMachine based, async HTTP Request client...
CVE-2020-26247
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...
Design/Logic Flaw
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...
CVE-2020-26247
Nokogiri (Ruby) contains an XXE/SSRF risk in XML schemas parsed by Nokogiri::XML::Schema due to the default trust-on-parse behavior. This is fixed in version 1.11.0.rc4; upgrading to 1.11.0.rc4+ mitigates the issue. The CVE-2020-26247 entry notes the vulnerability and its fix; multiple advisories...
CVE-2020-13482
A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation Red Hat...
CVE-2020-26254
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" RubyGem omniauth-apple. In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the...