
Nokogiri vulnerable to libxml XML Entity Expansion

Moderate severity GitHub Reviewed Published Aug 8, 2018 to the GitHub Advisory Database • Updated Aug 25, 2023

Package

bundler nokogiri (RubyGems)

Affected versions

>= 1.6.6.0, <= 1.6.6.3

Patched versions

1.6.6.4

Description

The xmlreader interface in libxml2 allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack: a document declares entities that reference other entities many times over, so that substituting them grows the content exponentially ("billion laughs"). Nokogiri exposes this interface as Nokogiri::XML::Reader, so applications that stream untrusted XML through the reader with an affected version inherit the issue. The 1.6.6.4 fix covers the libxml2 that Nokogiri vendors; a build that links against a system libxml2 is fixed only when that library is, and Nokogiri::VERSION_INFO reports which libxml2 the gem was compiled and loaded against.
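To make the attack shape concrete, the following is an added example, not code from the advisory or from Nokogiri: a pure-Ruby pre-parse gate that reads the internal DTD subset of an untrusted document, builds the entity reference graph, and computes how many bytes the entities would expand to if every reference were substituted, refusing the document once a budget is exceeded or a reference cycle is found. The module name XeeGuard, its methods, the 1 MB default budget and the sample documents (including the generated billion-laughs document) are this example's own constructions.

```ruby
# Added example (not from the advisory or Nokogiri): a pre-parse budget check
# for XML Entity Expansion (XEE) documents, written in plain Ruby so it needs
# no gems. It scans the internal DTD subset for general entity declarations,
# builds the reference graph, and computes how many bytes the entities would
# expand to if every reference were substituted. Documents whose expansion
# exceeds a budget (or whose entities reference each other in a cycle) are
# rejected before they reach an XML parser such as Nokogiri::XML::Reader.
# The budget and all helper names are this example's own choices.

module XeeGuard
  class Rejected < StandardError; end

  # <!ENTITY name "value"> or <!ENTITY name 'value'> in the internal subset.
  # External and parameter entities are deliberately not handled here.
  ENTITY_DECL = /<!ENTITY\s+([A-Za-z_][\w.\-]*)\s+(?:"([^"]*)"|'([^']*)')\s*>/
  ENTITY_REF  = /&([A-Za-z_][\w.\-]*);/

  # Hash of entity name => literal replacement text; empty when there is no
  # internal subset.
  def self.declared_entities(xml)
    subset = xml[/<!DOCTYPE[^\[>]*\[(.*?)\]\s*>/m, 1]
    return {} unless subset
    subset.scan(ENTITY_DECL).each_with_object({}) do |(name, dq, sq), h|
      h[name] = dq || sq
    end
  end

  # Fully expanded byte length of +name+ if every reference were substituted.
  # Raises Rejected on a reference cycle or as soon as +budget+ is exceeded,
  # so a billion-laughs document is refused without ever being materialised.
  def self.expanded_size(name, entities, budget, memo = {}, stack = [])
    return memo[name] if memo.key?(name)
    raise Rejected, "entity reference cycle through &#{name};" if stack.include?(name)
    body = entities.fetch(name) { return 0 } # undeclared (e.g. &lt;) counts as 0
    size = body.gsub(ENTITY_REF, "").bytesize
    body.scan(ENTITY_REF).flatten.each do |ref|
      size += expanded_size(ref, entities, budget, memo, stack + [name])
      raise Rejected, "expansion of &#{name}; exceeds #{budget} bytes" if size > budget
    end
    raise Rejected, "expansion of &#{name}; exceeds #{budget} bytes" if size > budget
    memo[name] = size
  end

  # Bytes the document body would grow by when its entity references are
  # substituted. Raises Rejected if any entity or the total exceeds +budget+.
  def self.expansion_bytes(xml, budget: 1_000_000)
    entities = declared_entities(xml)
    return 0 if entities.empty?
    memo = {}
    body = xml.sub(/<!DOCTYPE.*?\]\s*>/m, "")
    total = 0
    body.scan(ENTITY_REF).flatten.each do |ref|
      total += expanded_size(ref, entities, budget, memo)
      raise Rejected, "document expansion exceeds #{budget} bytes" if total > budget
    end
    total
  end

  def self.safe?(xml, budget: 1_000_000)
    expansion_bytes(xml, budget: budget)
    true
  rescue Rejected
    false
  end

  # Constructed attack document: +levels+ nested entities, each +fanout+
  # references to the previous one; defaults expand to 3 * 10**9 bytes.
  def self.billion_laughs(levels: 9, fanout: 10)
    decls = [%(<!ENTITY lol0 "lol">)]
    (1..levels).each do |i|
      decls << %(<!ENTITY lol#{i} "#{"&lol#{i - 1};" * fanout}">)
    end
    "<?xml version=\"1.0\"?>\n<!DOCTYPE lolz [\n#{decls.join("\n")}\n]>\n" \
      "<lolz>&lol#{levels};</lolz>\n"
  end
end

# Constructed sample inputs, not taken from the advisory.
BENIGN_XML = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [ <!ENTITY company "Example Corp"> ]>
  <note><from>&company;</from></note>
XML

# Mutually recursive entities are invalid XML, but a guard must not loop on them.
CYCLIC_XML = <<~XML
  <!DOCTYPE x [ <!ENTITY a "&b;"> <!ENTITY b "&a;"> ]>
  <x>&a;</x>
XML

if __FILE__ == $PROGRAM_NAME
  puts "benign document expands by #{XeeGuard.expansion_bytes(BENIGN_XML)} bytes"
  puts "billion laughs accepted? #{XeeGuard.safe?(XeeGuard.billion_laughs)}"
  puts "cyclic entities accepted? #{XeeGuard.safe?(CYCLIC_XML)}"
end
```

Place the gate in front of Nokogiri::XML::Reader (or any parser) on untrusted input. It is defense in depth, not a substitute for upgrading to 1.6.6.4: it only inspects the internal subset and cannot see entities pulled in from an external DTD, which is why the actual fix belongs in the libxml2 reader itself.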

References

Published to the GitHub Advisory Database Aug 8, 2018
Reviewed Jun 16, 2020
Last updated Aug 25, 2023

Severity

Moderate

EPSS score

2.489%
(90th percentile)

Weaknesses

CVE ID

CVE-2015-1819

GHSA ID

GHSA-q7wx-62r7-j2x7

Source code

No known source code