File tree Expand file tree Collapse file tree 1 file changed +45
-0
lines changed Expand file tree Collapse file tree 1 file changed +45
-0
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ layout : advisory
3+ title : ! ' CVE-2015-8806: Denial of service or RCE from libxml2 and libxslt'
4+ comments : false
5+ categories :
6+ - nokogiri
7+ advisory :
8+ gem : nokogiri
9+ cve : 2015-8806
10+ url : https://github.com/sparklemotion/nokogiri/issues/1473
11+ title : Denial of service or RCE from libxml2 and libxslt
12+ date : 2016-06-07
13+ description : ! " Nokogiri is affected by series of vulnerabilities in libxml2 and
14+ libxslt,\n which are libraries Nokogiri depends on. It was discovered that libxml2
15+ and\n libxslt incorrectly handled certain malformed documents, which can allow\n malicious
16+ users to cause issues ranging from denial of service to remote code\n execution
17+ attacks.\n\n For more information, the Ubuntu Security Notice is a good start:
18+ \n http://www.ubuntu.com/usn/usn-2994-1/\n "
19+ patched_versions :
20+ - ! '>= 1.6.8'
21+ unaffected_versions :
22+ - < 1.6.0
23+ related :
24+ cve :
25+ - 2016-1762
26+ - 2016-1833
27+ - 2016-1834
28+ - 2016-1835
29+ - 2016-1836
30+ - 2016-1837
31+ - 2016-1838
32+ - 2016-1839
33+ - 2016-1840
34+ - 2016-2073
35+ - 2016-3627
36+ - 2016-3705
37+ - 2016-4447
38+ - 2016-4449
39+ - 2016-4483
40+ url :
41+ - https://github.com/sparklemotion/nokogiri/issues/1473
42+ - https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
43+ - https://mail.gnome.org/archives/xml/2016-May/msg00023.html
44+ - http://www.ubuntu.com/usn/usn-2994-1/
45+ ---
You can’t perform that action at this time.
0 commit comments