Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:5798
HistoryFeb 08, 2018 - 2:39 a.m.

Copy-Paste Vulnerability Through LibXML2

2018-02-0802:39:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

EPSS

0.021

Percentile

89.3%

Nokogiri and Chef are vulnerable to attacks through a copied version of LibXML2 within the codebase. LibXML2 before 2.9.5 is vulnerable to CVE-2017-15412 - LibXML2 contains a use-after-free bug in the xmlXPathCompOpEvalPositionPredicate method in xpath.c.