CVE-2022-24836
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/04/2022
Last modified:
07/11/2023
Description
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `= 1.13.4`. There are no known workarounds for this issue.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:* | 1.13.4 (excluding) | |
| cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | 13.0 (including) | 13.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2022/Dec/23
- https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
- https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
- https://security.gentoo.org/glsa/202208-29
- https://support.apple.com/kb/HT213532