CVE - CVE-2022-24836

CVE-ID
CVE-2022-24836	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://support.apple.com/kb/HT213532 CONFIRM:https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 URL:https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 FEDORA:FEDORA-2022-132c6d7c2e URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/ FEDORA:FEDORA-2022-9ed7641ce0 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/ FEDORA:FEDORA-2022-d231cb5e1f URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/ FULLDISC:20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 URL:http://seclists.org/fulldisclosure/2022/Dec/23 GENTOO:GLSA-202208-29 URL:https://security.gentoo.org/glsa/202208-29 MISC:https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd URL:https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd MLIST:[debian-lts-announce] 20220513 [SECURITY] [DLA 3003-1] ruby-nokogiri security update URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html MLIST:[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update URL:https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20220210	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20220210)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)