Lucene search

[email protected]CVE-2022-24839

HistoryApr 11, 2022 - 10:15 p.m.

CVE-2022-24839

2022-04-1122:15:00

CWE-400

[email protected]

web.nvd.nist.gov

212

org.cyberneko.html

nokogiri

rubygem

cve-2022-24839

outofmemoryerror

html parser

java

vulnerability

upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

56.9%

JSON

org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.

CPENameOperatorVersion
nekohtml_project:nekohtmlnekohtml project nekohtmllt1.9.22.noko2
oracle:weblogic_serveroracle weblogic servereq12.2.1.3.0
oracle:weblogic_serveroracle weblogic servereq12.2.1.4.0
oracle:weblogic_serveroracle weblogic servereq14.1.1.0.0

CPE	Name	Operator	Version
nekohtml_project:nekohtml	nekohtml project nekohtml	lt	1.9.22.noko2
oracle:weblogic_server	oracle weblogic server	eq	12.2.1.3.0
oracle:weblogic_server	oracle weblogic server	eq	12.2.1.4.0
oracle:weblogic_server	oracle weblogic server	eq	14.1.1.0.0