Nokogiri Security Vulnerabilities and Issues — Nokogiri CVE List

Lucene search

NokogiriNokogiri

3 matches found

CVE•added 2019/08/16 4:15 p.m.•331 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vu...

9.8CVSS9.4AI score0.01307EPSS

CVE•added 2019/11/05 3:15 p.m.•57 views

CVE-2013-6460

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

6.5CVSS6.4AI score0.02521EPSS

CVE•added 2019/11/05 3:15 p.m.•47 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS