CVE-2017-9050 - High Severity Vulnerability
Vulnerable Library - nokogiri-1.6.7.2.gem
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
XML is like violence - if it doesn't solve your problems, you are not using enough of it.
Library home page: https://rubygems.org/gems/nokogiri-1.6.7.2.gem
Dependency Hierarchy:
- ❌ nokogiri-1.6.7.2.gem (Vulnerable Library)
Found in HEAD commit: 5a413d9b2f9c78839525a25524a6091e2a91db92
Found in base branch: master
Vulnerability Details
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
Publish Date: 2017-05-18
URL: CVE-2017-9050
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
Release Date: 2017-05-18
Fix Resolution: 2.9.5