Published: 11/04/2022 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nokogiri nokogiri
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36
debian debian linux 9.0
debian debian linux 10.0
apple macos

Synopsis Important: Satellite 612 Release Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Satellite 612 The release contains a new version of Satellite and important security fixe ...

Debian Bug report logs - #1009787 ruby-nokogiri: CVE-2022-24836: Inefficient Regular Expression Complexity Package: src:ruby-nokogiri; Maintainer for src:ruby-nokogiri is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 17 Apr 2022 ...

Nokogiri is an open source XML and HTML library for Ruby Nokogiri `< v1134` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents Users are advised to upgrade to Nokogiri `>= 1134` There are no known workarounds for this issue (CVE-2022-24836) ...

Nokogiri is an open source XML and HTML library for Ruby Nokogiri `< v1134` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents Users are advised to upgrade to Nokogiri `>= 1134` There are no known workarounds for this issue ...

Nokogiri is an open source XML and HTML library for Ruby Nokogiri `< v1134` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents Users are advised to upgrade to Nokogiri `>= 1134` There are no known workarounds for this issue (CVE-2022-24836) ...

CWE-1333 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html https://security.gentoo.org/glsa/202208-29 https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html https://support.apple.com/kb/HT213532 http://seclists.org/fulldisclosure/2022/Dec/23 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/https://access.redhat.com/errata/RHSA-2022:8506 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2022-1595.html

CVE-2022-24836

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect