8 matches found
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
Withdrawn Advisory: This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references. Original Description: A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and...
CVE-2025-6490
CVE-2025-6490 concerns a heap-based buffer overflow in gumbo-parser/src/hashmap.c (function hashmap_set_with_hash) within sparklemotion nokogiri. Reported as a locally exploitable issue; exploitation details have been disclosed, but the real existence of the vulnerability is questioned in the des...
Sparkle Motion Nokogiri Security Vulnerability
Sparkle Motion Nokogiri is open source software from Sparkle Motion for processing XML and HTML files. A security vulnerability exists in Sparkle Motion Nokogiri version 1.18.7 and earlier, which originates from a heap buffer overflow in the function hashmap_set_with_hash in the file...
Security Bulletin: IBM Security Verify Governance is vulnerable to denial of service (CVE-2022-24839)
Summary: IBM Security Verify Governance is vulnerable to a denial of service vulnerability within the Sparkle Motion Nokogiri package. The issue was addressed by upgrading the vulnerable package. Vulnerability Details: CVEID: CVE-2022-24839. DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a...
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to HTTP header injection and affected by denial of services due to multiple vulnerabilities.
Summary: IBM WebSphere Application Server Liberty for IBM i is vulnerable to an HTTP header injection caused by improper validation, and affected by a denial of service in GraphQL Java, a denial of service in CyberNeko HTML, and a denial of service in protobuf-java as described in the vulnerabilit...
Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty vulnerable because Sparkle Motion Nokogiri is vulnerable to a denial of service, (CVE-2022-24839)
Summary: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty is vulnerable because Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup in the fork of org.cyberneko.html. By sendin...
Mechanize Information Disclosure Vulnerability
Mechanize is an open source Ruby library from Sparkle Motion. It is used to automate interactions with websites. A security vulnerability exists in versions of Mechanize prior to 2.8.5 that stems from an authorization header that leaks after redirecting to a different port on the same site...
Sparkle Motion Mechanize Operating System Command Injection Vulnerability
Sparkle Motion Mechanize is a Ruby-based codebase from the Sparkle Motion organization that supports automated interactions with the Web. Mechanize suffers from an operating system command injection vulnerability that allows the injection of operating system commands using several class methods th...