cve/CVE-2022-24839.md at 93476d6c370e261fdc1b2b03a08066de45e4892d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.

POC

Reference

https://www.oracle.com/security-alerts/cpujul2022.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/junxiant/xnat-aws-monailabel
https://github.com/knewbury01/codeql-workshop-nekohtml

1.1 KiB Raw Blame History

CVE-2022-24839

Description

POC

Reference

Github

1.1 KiB

Raw Blame History