Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
Vulnerability Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
Sparkle Motion Nokogiri 缓冲区错误漏洞
Vulnerability Description
Sparkle Motion Nokogiri是Sparkle Motion个人开发者的一个HTML、XML和SAX解析库。 Sparkle Motion Nokogiri 1.19.4之前版本存在安全漏洞,该漏洞源于对索引检查时使用了32位截断副本,可能导致越界读取。
CVSS Information
N/A
Vulnerability Type
N/A