Denial of service or RCE from libxml2 and libxslt · CVE-2015-8806 · GitHub Advisory Database · GitHub

Denial of service or RCE from libxml2 and libxslt

High severity GitHub Reviewed Published Sep 17, 2018 to the GitHub Advisory Database • Updated Jun 30, 2023

Package

nokogiri (RubyGems)

Affected versions

>= 1.6.0, < 1.6.8

Patched versions

1.6.8

Description

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.

References

Published to the GitHub Advisory Database Sep 17, 2018

Reviewed Jun 16, 2020

Last updated Jun 30, 2023

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H