Nokogiri: Denial of Service

Nokogiri: Denial of Service A vulnerability has been discovered in Nokogiri, which can lead to a denial of service. nokogiri 2024-08-07 2024-08-07 884863 local 1.13.10 1.13.10

Nokogiri is an HTML, XML, SAX, and Reader parser.

A denial of service vulnerability has been discovered in Nokogiri. Please review the CVE identifier referenced below for details.

Nokogiri fails to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack.

Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.

All Nokogiri users should upgrade to the latest version:


          # emerge --sync
          # emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.13.10"

CVE-2022-23476 graaff graaff