Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unchecked return value from xmlTextReaderExpand in Nokogiri
Vulnerability Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted inputs, this may potentially be a vector for a denial of service attack. Users are advised to upgrade to Nokogiri `>= 1.13.10`. Users may be able to search their code for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash` to determine if they are affected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加检查的返回值
Vulnerability Title
Nokogiri 安全漏洞
Vulnerability Description
Nokogiri是一款用于解析Ruby中HTML和XML的开源软件库。 Nokogiri 1.13.8和1.13.9版本存在安全漏洞,该漏洞源于其Nokogiri::XML::Reader#attribute_hash方法中检查xmlTextReaderExpand的返回值失败导致在解析无效标记时出现空指针异常。
CVSS Information
N/A
Vulnerability Type
N/A