Lucene search
Alpine Linux Development TeamALPINE:CVE-2021-41098HistorySep 27, 2021 - 8:15 p.m.
CVE-2021-41098
2021-09-2720:15:00
Alpine Linux Development Team
security.alpinelinux.org
6
0.001 Low
EPSS
Percentile
49.1%
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.14-community | noarch | ruby-nokogiri | = 1.11.7-r0 | UNKNOWN |
Related
cvelist
cvelist
cve
cve
CVE-2021-41098
2021-09-27 20:15:07
osv
osv
CVE-2021-41098
2021-09-27 20:15:07
github
github
cnvd
cnvd
Nokogiri code issue vulnerability
2021-09-29 00:00:00
redhatcve
redhatcve
CVE-2021-41098
2021-09-29 14:06:04
ubuntucve
ubuntucve
CVE-2021-41098
2021-09-27 00:00:00
prion
prion
Xxe
2021-09-27 20:15:00
debiancve
debiancve
CVE-2021-41098
2021-09-27 20:15:07
nvd
nvd
CVE-2021-41098
2021-09-27 20:15:07
photon
photon
Important Photon OS Security Update - PHSA-2021-0115
2021-10-08 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0115
2021-10-14 00:00:00
nessus
nessus
Photon OS 2.0: Rubygem PHSA-2021-2.0-0413
2021-11-15 00:00:00