Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:5151
HistorySep 21, 2017 - 8:11 a.m.

Remote Code Execution (RCE)

2017-09-2108:11:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5

The nokogiri gem is susceptible to remote code execution (RCE) attacks. The attacks exist because the library uses the C package libxml2 which is vulnerable to CVE-2017-0663, allowing a malicious user to pass a XML file to execute arbitrary code or crash the application.