This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

Out-of-bounds read in nokogiri #12

Open
sniffler-app bot opened this issue Apr 14, 2023 · 0 comments

sniffler-app bot commented Apr 14, 2023

Description

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying on nokogiri as it uses libxml2.

Information

Manifest Path: Gemfile.lock

Please look at the Dependabot report: https://github.com/swipely/bubz/security/dependabot/82
