nokogiri vulnerabilities

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Known vulnerabilities in the nokogiri package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Improper Handling of Unexpected Data Type	<1.13.6-aarch64-linux
H Out-of-bounds Write	<1.13.4
H Regular Expression Denial of Service (ReDoS)	<1.13.4
H Denial of Service (DoS)	<1.13.4-aarch64-linux
H Use After Free	<1.13.2
H XML External Entity (XXE) Injection	<1.12.5
M Denial of Service (DoS)	<1.8.2
H Denial of Service (DoS)	<1.11.4
L XML External Entity (XXE) Injection	<1.11.0.rc4
H Denial of Service (DoS)	<1.10.8
H Uncontrolled Memory Allocation	<1.10.5
H Command Injection	<1.10.4-java
H Denial of Service (DoS)	<1.8.5
H Denial of Service (DoS)	<1.8.2
H Denial of Service (DoS)	<1.8.1
H Use of vulnerable libxml2	<1.8.1
H Out of Bounds Memory Write	<1.7.2
H Arbitrary Code Execution	<1.7.2
H XML External Entity (XXE) Injection	>=1.5.4, <1.8.3
H XML External Entity (XXE) Injection	<1.5.4
H Arbitrary Code Execution	>=1.6.0, <1.6.8
M Sensitive Information Exposure	>=1.6.0, <1.6.7.2
M Denial of Service (DoS)	>=1.6.0, <1.6.7.1
M Denial of Service (DoS)	>=1.6.7.rc2, <1.6.7.rc4 <1.6.6.4
M Denial of Service (DoS)	<1.6.3
M Denial of Service (DoS)	>=1.6, <1.6.1 <1.5.11
M XML External Entity (XXE) Injection	>=1.6, <1.6.1 <1.5.11
M Information Exposure	<1.5.4