Veracode Vulnerability Database, VERACODE:5482
History: Nov 23, 2017 - 11:43 p.m.

Copy-paste Vulnerability Through LibXML2

2017-11-23 23:43:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16

EPSS: 0.011 (percentile 84.5%)

Nokogiri and Chef are vulnerable to attacks through a copy of LibXML2 bundled within their codebases. LibXML2 before 2.9.5 is vulnerable to the following CVEs:

1) CVE-2017-16931 - LibXML2 incorrectly handles parameter-entity references in parser.c.
2) CVE-2017-16932 - LibXML2 can enter an infinite loop through parameter entities in parser.c.