This repository was archived by the owner on Feb 14, 2024. It is now read-only.
This repository was archived by the owner on Feb 14, 2024. It is now read-only.
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability #32
Description
Description
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.
Informations
Manifest Path: Gemfile.lock
Please look at dependabot report: https://github.com/swipely/bubz/security/dependabot/117