Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.
{ "nvd_published_at": "2019-12-11T01:15:00Z", "cwe_ids": [ "CWE-787", "CWE-843" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-07T21:30:28Z" }
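
To check a project against the affected range stated above, the following added example (not part of the advisory or of Nokogiri's own code) scans `Gemfile.lock` text for Nokogiri pins older than 1.10.5. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version

# Fixed release named in the advisory text.
FIXED_NOKOGIRI = Gem::Version.new("1.10.5")

# Constructed sample Gemfile.lock (not taken from any real project).
SAMPLE_LOCK = <<'LOCK'
GEM
  remote: https://rubygems.org/
  specs:
    loofah (2.3.0)
      nokogiri (>= 1.5.9)
    mini_portile2 (2.4.0)
    nokogiri (1.10.4)
      mini_portile2 (~> 2.4.0)
    nokogiri (1.10.4-java)

PLATFORMS
  java
  ruby

DEPENDENCIES
  nokogiri
LOCK

# Hypothetical helper: every nokogiri version pinned under a "specs:" section.
# Pinned specs sit at exactly four spaces; six-space lines are dependency
# constraints of other gems and are skipped.
def nokogiri_pins(lock_text)
  in_specs = false
  lock_text.each_line.with_object([]) do |line, pins|
    if line.match?(/\A  specs:\s*\z/)
      in_specs = true
    elsif line.match?(/\A\S/) # next top-level section (PLATFORMS, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}nokogiri \(([^)]+)\)\s*\z/))
      pins << m[1]
    end
  end
end

# Hypothetical helper: pins older than the fixed release. The platform suffix
# ("-java", "-x86_64-linux") is dropped before comparing.
def vulnerable_nokogiri_pins(lock_text)
  nokogiri_pins(lock_text).select do |pin|
    Gem::Version.new(pin.split("-", 2).first) < FIXED_NOKOGIRI
  end
end

puts vulnerable_nokogiri_pins(SAMPLE_LOCK).inspect if __FILE__ == $PROGRAM_NAME
```

A Nokogiri build linked against system libraries takes its libxslt from the operating system, so the lockfile version alone does not cover that case.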