漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
XXE in Nokogiri
漏洞信息
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.
漏洞信息
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
漏洞
XML外部实体引用的不恰当限制(XXE)
漏洞
Nokogiri 代码问题漏洞
漏洞信息
Nokogiri是一款用于解析Ruby中HTML和XML的开源软件库。 Nokogiri 1.11.0.rc4之前版本存在代码问题漏洞,该漏洞允许通过网络访问外部资源,可能会导致XXE或SSRF攻击。
漏洞信息
N/A
漏洞
N/A