OSV:CVE-2022-29181 (type: osv, source: Google)
History: May 20, 2022 - 7:15 p.m.

CVE-2022-29181

2022-05-20 19:15:08
Google
osv.dev
Tags: nokogiri, xml, html, ruby, security vulnerability, memory access errors

AI Score: 6.5 (Confidence: High)

EPSS: 0.004 (Percentile: 72.9%)

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.