Source |
CVE List |
Identifier |
4720675 |
Publication date |
2022-05-20 19:15:08 (seen: 2022-05-20 21:08:08) |
Title |
CVE-2022-29181 |
Text |
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. |
Sent |
Yes |