This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability #32

Open
sniffler-app bot opened this issue Jul 7, 2023 · 0 comments

sniffler-app bot commented Jul 7, 2023

Description

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.

Information

Manifest Path: Gemfile.lock

Please look at dependabot report: https://github.com/swipely/bubz/security/dependabot/117
