appcues-wss[bot]
commented
1 month ago :heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.
Found in HEAD commit: 795ce30f189e05b55009013141cfb6034c96a215
Vulnerabilities
Details
CVE-2024-34459
### Vulnerable Library - nokogiri-1.16.0.gemNokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2, libgumbo, or xerces.
Library home page: https://rubygems.org/gems/nokogiri-1.16.0.gem
Dependency Hierarchy: - slather-2.8.0.gem (Root Library) - :x: **nokogiri-1.16.0.gem** (Vulnerable Library)
Found in HEAD commit: 795ce30f189e05b55009013141cfb6034c96a215
Found in base branch: main
### Vulnerability DetailsAn issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. Mend Note: This vulnerability does not affect RubyGem's Nokogiri directly, but its dependency libxml2, which is downloaded during Nokogiri's depndency resolution.
Publish Date: 2024-05-14
URL: CVE-2024-34459
### CVSS 3 Score Details (3.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-r95h-9x8f-r3f7
Release Date: 2024-05-14
Fix Resolution: libxml2-v2.11.8,v2.12.7, nokogiri - 1.16.5