An XML eXternal Entity (XXE) flaw was found in Nokogiri, a Ruby gem for
parsing HTML, XML, and SAX. Using external XML entities, a remote attacker
could specify a URL in a specially crafted XML that, when parsed, would
cause a connection to that URL to be opened.
This update enables the nonet option by default (and provides new
methods to disable default options if needed).
CPE | Name | Operator | Version |
---|---|---|---|
libnokogiri-ruby | eq | 1.4.0-4 |