mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-31 10:40:54 +00:00
1.0 KiB
1.0 KiB
CVE-2022-29181
Description
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.
POC
Reference
- http://seclists.org/fulldisclosure/2022/Dec/23
- https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/
Github
No PoCs found on GitHub currently.