Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
Nokogiri's many features is the ability to search documents via XPath
or CSS3 selectors.
XML is like violence - if it doesn’t solve your problems, you are not
using enough of it.
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2015-7499 - Medium Severity Vulnerability
Vulnerable Library - nokogiri-1.6.7.2.gem
Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors. XML is like violence - if it doesn’t solve your problems, you are not using enough of it.
Library home page: https://rubygems.org/gems/nokogiri-1.6.7.2.gem
Path to dependency file: /madhon.github.io/Gemfile.lock
Path to vulnerable library: /var/lib/gems/2.3.0/cache/nokogiri-1.6.7.2-x86-mingw32.gem
Dependency Hierarchy: - github-pages-44.gem (Root Library) - jemoji-0.5.1.gem - html-pipeline-2.3.0.gem - :x: **nokogiri-1.6.7.2.gem** (Vulnerable Library)
Vulnerability Details
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
Publish Date: 2015-12-15
URL: CVE-2015-7499
CVSS 2 Score Details (5.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-7499
Release Date: 2015-12-15
Fix Resolution: 2.9.3
Step up your Open Source Security Game with WhiteSource here