Introduced through: terraspace@2.2.16
Fixed in: nokogiri@1.16.5
Exploit maturity: Proof of Concept
Detailed paths
Introduced through: project@* › terraspace@2.2.16 › terraspace-bundler@0.5.0 › nokogiri@1.16.2
Fix: No remediation path available.
Security information
Factors contributing to the scoring:
Snyk: CVSS v3.1 7.5 - High Severity
NVD: Not available. NVD has not yet published its analysis.
Overview
nokogiri is a gem for parsing HTML, XML, SAX, and Reader.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the xmlHTMLPrintFileContext function in xmllint.c. An attacker can read memory contents that may contain sensitive data by triggering a buffer over-read condition.
nokogiri Heap-based Buffer Overflow Vulnerability