PT-2020-7321 · Nokogiri · Nokogiri

Felixgro

Published

2020-02-19

Updated

2022-04-23

CVE-2012-6685

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Nokogiri versions prior to 1.5.4

Description: The issue is related to XXE attacks. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue.

Exploit

Fix

XML Entity Expansion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-776

Related Identifiers

CVE-2012-6685

DLA-229-1

GHSA-6WJ9-77WQ-JQ7P

RHSA-2019:0212

Affected Products

Nokogiri

PT-2020-7321 · Nokogiri · Nokogiri

CVE-2012-6685

Weakness Enumeration

Related Identifiers

Affected Products

References · 13