Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Vulnerability Description
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Nokogiri 代码问题漏洞
Vulnerability Description
Nokogiri是一款用于解析Ruby中HTML和XML的开源软件库。 Nokogiri 存在代码问题漏洞,该漏洞源于在 Nokogiri v1.12.4 版本及更早版本中,仅在 JRuby 上,SAX 解析器默认解析外部实体。
CVSS Information
N/A
Vulnerability Type
N/A