Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Handling of Unexpected Data Type in Nokogiri
Vulnerability Description
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Vulnerability Type
非预期数据类型处理不恰当
Vulnerability Title
Nokogiri 安全漏洞
Vulnerability Description
Nokogiri是一款用于解析Ruby中HTML和XML的开源软件库。 Nokogiri 1.13.6-1.1 版本及之后版本存在安全漏洞,攻击者利用该漏洞可以触发 Nokogiri 的内存损坏,以触发拒绝服务,并可能运行代码。
CVSS Information
N/A
Vulnerability Type
N/A