CVE-2022-24836

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-24836
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24836.json
Aliases
Related
Published
2022-04-11T22:15:07Z
Modified
2023-11-29T09:29:20.160448Z
Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/sparklemotion/nokogiri

Affected ranges

Type
GIT
Repo
https://github.com/sparklemotion/nokogiri
Events
Introduced
0The exact introduced commit is unknown
Fixed
e444525ef1634b675cd1cf52d39f4320ef0aecfd

Affected versions

1.*

1.7.0.1-linux-binary1

REL_1.*

REL_1.0.0
REL_1.0.1
REL_1.0.2
REL_1.0.3
REL_1.0.4
REL_1.0.5
REL_1.0.6
REL_1.0.7
REL_1.1.0
REL_1.1.1
REL_1.2.0
REL_1.2.1
REL_1.2.2
REL_1.2.3
REL_1.3.0
REL_1.3.0rc1
REL_1.3.1
REL_1.3.2
REL_1.3.3
REL_1.4.0
REL_1.4.1
REL_1.4.2
REL_1.4.3
REL_1.4.3.1
REL_1.5.0.beta.1
REL_1.5.0.beta.2

v1.*

v1.10.0
v1.10.0.rc1
v1.10.1
v1.10.2
v1.10.3
v1.11.0
v1.11.0.rc1
v1.11.0.rc2
v1.11.0.rc3
v1.11.0.rc4
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.12.0.rc1
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.4.4
v1.4.4.1
v1.4.4.2
v1.5.0
v1.5.0.beta.3
v1.5.0.beta.4
v1.5.1
v1.5.1.rc1
v1.5.2
v1.5.3
v1.5.3.rc1
v1.5.3.rc3
v1.5.3.rc4
v1.5.3.rc5
v1.5.3.rc6
v1.5.4
v1.5.4.rc1
v1.5.4.rc2
v1.5.4.rc3
v1.5.5
v1.5.5.rc1
v1.5.5.rc2
v1.5.5.rc3
v1.5.6
v1.5.6.rc1
v1.5.6.rc2
v1.5.7
v1.5.7.rc1
v1.5.7.rc2
v1.5.7.rc3
v1.5.8
v1.5.9
v1.6.0
v1.6.0.rc1
v1.6.2
v1.6.2.1
v1.6.2.beta.1
v1.6.2.rc1
v1.6.2.rc2
v1.6.2.rc3
v1.6.3
v1.6.3.1
v1.6.3.rc1
v1.6.3.rc2
v1.6.3.rc3
v1.6.4
v1.6.5
v1.6.6
v1.6.6.1
v1.6.6.2
v1.6.7.rc1
v1.6.7.rc2
v1.6.7.rc3
v1.6.7.rc4
v1.6.8
v1.6.8.rc1
v1.6.8.rc2
v1.6.8.rc3
v1.7.0
v1.7.0.1
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.9.0
v1.9.0.rc1
v1.9.1