2 matches found
GHSA-CF46-6XXH-PC75 libxslt Type Confusion vulnerability that affects Nokogiri
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...
The vulnerability of the xsltNumberFormatDecimal function in the libxslt library allows a hacker to gain unauthorized access to protected information.
The vulnerability of the xsltNumberFormatDecimal function in the libxslt library exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...