CVE-2022-29181

Published: 20/05/2022 Updated: 16/02/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
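The workaround above, as an added example (not code from Nokogiri or from this advisory): a guard that hands only a real `String` to the SAX parser, plus a version check against the fixed release. The helper names and the sample JSON bodies are constructed for illustration.

```ruby
require "json"
require "rubygems"

# First fixed release, taken from the advisory text.
FIXED_VERSION = Gem::Version.new("1.13.6")

# True when the given Nokogiri version string already contains the patch.
# Gem::Version compares numerically, so "1.13.10" sorts after "1.13.6".
def nokogiri_patched?(version)
  Gem::Version.new(version) >= FIXED_VERSION
end

# Return a plain String that is safe to pass to the SAX parser
# (for example Nokogiri::XML::SAX::Parser#parse).
# strict: false applies the advisory's workaround (#to_s);
# strict: true rejects anything that is not already a String.
def sax_input(value, strict: false)
  return value if value.instance_of?(String)
  raise TypeError, "expected String, got #{value.class}" if strict
  value.to_s
end

# Constructed sample request bodies: JSON lets a client send an Array,
# Integer, Hash or null where the application expects markup text.
SAMPLE_BODIES = [
  '{"xml": "<a>ok</a>"}',
  '{"xml": ["<a>", 1]}',
  '{"xml": 42}',
  '{"xml": {"k": "v"}}',
  '{"xml": null}'
].freeze

# Show what each body's "xml" field was and what the parser would receive.
def classify(bodies, strict: false)
  bodies.map do |body|
    raw = JSON.parse(body)["xml"]
    begin
      { from: raw.class, input: sax_input(raw, strict: strict) }
    rescue TypeError => e
      { from: raw.class, rejected: e.message }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  classify(SAMPLE_BODIES).each { |row| puts row.inspect }
  puts "1.13.5 patched? #{nokogiri_patched?('1.13.5')}"
end
```

In a real application, pass `Nokogiri::VERSION` to `nokogiri_patched?`; strict mode is the better fit when a non-String value can only mean a malformed or hostile request.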

Vulnerable Product

nokogiri nokogiri

apple macos

Vendor Advisories

A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability (CVE-2022-29181) ...