Lucene search
GoogleOSV:GHSA-R3W4-36X6-7R99HistoryMay 14, 2024 - 10:30 p.m.
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
2024-05-1422:30:45
Google
osv.dev
6
nokogiri
libxml2
v2.12.7
cve-2024-34459
security update
Summary
Nokogiri v1.16.5 upgrades its dependency libxml2 to
2.12.7 from 2.12.6.
libxml2 v2.12.7 addresses CVE-2024-34459:
- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
Impact
There is no impact to Nokogiri users because the issue is present only
in libxml2’s xmllint tool which Nokogiri does not provide or expose.
Timeline
- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced
- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage
- 2024-05-13 10:05 EDT, nokogiri v1.16.5 is released
and this GHSA made public
Related
alpinelinux
alpinelinux
CVE-2024-34459
2024-05-14 15:39:11
github
github
osv
osv
CVE-2024-34459
2024-05-14 15:39:11
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
2024-05-13 16:05:42
redos
redos
ROS-20240702-03
2024-07-02 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: mingw-libxml2-2.12.7-1.fc39
2024-05-25 01:11:40
[SECURITY] Fedora 40 Update: mingw-libxml2-2.12.7-1.fc40
2024-05-25 01:05:16
[SECURITY] Fedora 40 Update: libxml2-2.12.7-1.fc40
2024-05-23 01:09:33
slackware
slackware
[slackware-security] libxml2
2024-05-13 18:25:17
debiancve
debiancve
CVE-2024-34459
2024-05-14 15:39:11
nessus
nessus
Slackware Linux 15.0 / current libxml2 Vulnerability (SSA:2024-134-01)
2024-05-13 00:00:00
SUSE SLES12 Security Update : libxml2 (SUSE-SU-2024:2288-1)
2024-07-04 00:00:00
Fedora 40 : libxml2 (2024-08e01e9f2f)
2024-05-23 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2024-134-01)
2024-05-14 00:00:00
Fedora: Security Advisory for mingw-libxml2 (FEDORA-2024-4862425658)
2024-05-27 00:00:00
Fedora: Security Advisory for mingw-libxml2 (FEDORA-2024-9ffc6cc7bf)
2024-05-27 00:00:00
ubuntucve
ubuntucve
CVE-2024-34459
2024-05-14 00:00:00
veracode
veracode
Buffer Over-read
2024-05-14 06:30:26
nvd
nvd
CVE-2024-34459
2024-05-14 15:39:11
mageia
mageia
Updated libxml2 packages fix security vulnerability
2024-06-06 18:48:22
redhatcve
redhatcve
CVE-2024-34459
2024-05-15 06:29:32
cbl_mariner
cbl_mariner
CVE-2024-34459 affecting package libxml2 for versions less than 2.10.4-3
2024-06-12 22:23:00
cve
cve
CVE-2024-34459
2024-05-14 15:39:11
cvelist
cvelist
CVE-2024-34459
2024-05-13 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2024-5.0-0304
2024-06-26 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0640
2024-06-26 00:00:00
6.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.3%
Related for OSV:GHSA-R3W4-36X6-7R99