GHSA-r95h-9x8f-r3f7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-r95h-9x8f-r3f7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-r95h-9x8f-r3f7/GHSA-r95h-9x8f-r3f7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-r95h-9x8f-r3f7
- Related
- Published
- 2024-05-13T16:05:42Z
- Modified
- 2024-11-29T05:41:15.437961Z
- Summary
- Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
- Details
-
Summary
Nokogiri v1.16.5 upgrades its dependency libxml2 to 2.12.7 from 2.12.6.
libxml2 v2.12.7 addresses CVE-2024-34459:
- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
Impact
There is no impact to Nokogiri users because the issue is present only in libxml2's
xmllinttool which Nokogiri does not provide or expose.Timeline
- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced
- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage
- 2024-05-13 10:05 EDT, nokogiri v1.16.5 is released and this GHSA made public
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-120" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-05-13T16:05:42Z" }- References
-
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
- https://github.com/sparklemotion/nokogiri
- https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
Affected packages
RubyGems / nokogiri
Package
- Name
- nokogiri
- Purl
- pkg:gem/nokogiri
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.16.5
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.2.1
1.4.3
1.4.3.1
1.4.4
1.4.4.1
1.4.4.2
1.4.5
1.4.6
1.4.7
1.5.0.beta.1
1.5.0.beta.2
1.5.0.beta.3
1.5.0.beta.4
1.5.0
1.5.1.rc1
1.5.1
1.5.2
1.5.3.rc2
1.5.3.rc3
1.5.3.rc4
1.5.3.rc5
1.5.3.rc6
1.5.3
1.5.4.rc1
1.5.4.rc2
1.5.4.rc3
1.5.4
1.5.5.rc1
1.5.5.rc2
1.5.5.rc3
1.5.5
1.5.6.rc1
1.5.6.rc2
1.5.6.rc3
1.5.6
1.5.7.rc1
1.5.7.rc2
1.5.7.rc3
1.5.7
1.5.8
1.5.9
1.5.10
1.5.11
1.6.0.rc1
1.6.0
1.6.1
1.6.2.rc1
1.6.2.rc2
1.6.2.rc3
1.6.2
1.6.2.1
1.6.3.rc1
1.6.3.rc2
1.6.3.rc3
1.6.3
1.6.3.1
1.6.4
1.6.4.1
1.6.5
1.6.6.1
1.6.6.2
1.6.6.3
1.6.6.4
1.6.7.rc2
1.6.7.rc3
1.6.7.rc4
1.6.7
1.6.7.1
1.6.7.2
1.6.8.rc1
1.6.8.rc2
1.6.8.rc3
1.6.8
1.6.8.1
1.7.0
1.7.0.1
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.9.0.rc1
1.9.0
1.9.1
1.10.0.rc1
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.10.8
1.10.9
1.10.10
1.11.0.rc1
1.11.0.rc2
1.11.0.rc3
1.11.0.rc4
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.12.0.rc1
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.13.9
1.13.10
1.14.0.rc1
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.15.0
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.15.6
1.16.0.rc1
1.16.0
1.16.1
1.16.2
1.16.3
1.16.4