Lucene search
Veracode Vulnerability DatabaseVERACODE:21204HistoryAug 14, 2019 - 2:08 a.m.
Command Injection
2019-08-1402:08:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.018 Low
EPSS
Percentile
88.1%
nokogiri is vulnerable to command injection. The vulnerability exists as commands can be executed in a subprocess by Ruby’s Kernel.open through Nokogiri::CSS::Tokenizer#load_file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nokogiri | le | 1.10.3 | |
| ruby-nokogiri:xenial | eq | 1.6.7.2 | |
| ruby-nokogiri:bionic | eq | 1.8.2 | |
| nokogiri | le | 1.10.3 | |
| ruby-nokogiri:xenial | eq | 1.6.7.2 | |
| ruby-nokogiri:bionic | eq | 1.8.2 |
References
github.com/sparklemotion/nokogiri/commit/daffe223967b74b3205513b5e600aa5dfefe687d
github.com/sparklemotion/nokogiri/issues/1915
github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
hackerone.com/reports/650835
lists.debian.org/debian-lts-announce/2019/09/msg00027.html
lists.debian.org/debian-lts-announce/2022/10/msg00018.html
lists.debian.org/debian-lts-announce/2022/10/msg00019.html
security.gentoo.org/glsa/202006-05
usn.ubuntu.com/4175-1/
Related
openvas
openvas
Ubuntu: Security Advisory (USN-4175-1)
2019-11-06 00:00:00
Debian: Security Advisory (DLA-1933-1)
2019-09-27 00:00:00
Debian: Security Advisory (DLA-3150-1)
2022-10-13 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : Nokogiri vulnerability (USN-4175-1)
2019-11-06 00:00:00
GLSA-202006-05 : Nokogiri: Command injection
2020-06-17 00:00:00
osv
osv
Nokogiri Command Injection Vulnerability
2019-08-19 19:27:23
ruby-nokogiri - security update
2019-09-26 00:00:00
rexical - security update
2022-10-12 00:00:00
debiancve
debiancve
CVE-2019-5477
2019-08-16 16:15:10
gentoo
gentoo
Nokogiri: Command injection
2020-06-13 00:00:00
ubuntucve
ubuntucve
CVE-2019-5477
2019-08-16 00:00:00
debian
debian
[SECURITY] [DLA 1933-1] ruby-nokogiri security update
2019-09-26 01:54:34
[SECURITY] [DLA 3150-1] rexical security update
2022-10-12 14:46:08
[SECURITY] [DLA 3149-1] ruby-nokogiri security update
2022-10-12 14:46:03
freebsd
freebsd
Nokogiri -- injection vulnerability
2019-08-11 00:00:00
ubuntu
ubuntu
Nokogiri vulnerability
2019-11-05 00:00:00
prion
prion
Command injection
2019-08-16 16:15:00
cvelist
cvelist
CVE-2019-5477
2019-08-16 00:00:00
cve
cve
CVE-2019-5477
2019-08-16 16:15:10
alpinelinux
alpinelinux
CVE-2019-5477
2019-08-16 16:15:10
nvd
nvd
CVE-2019-5477
2019-08-16 16:15:10
github
github
Nokogiri Command Injection Vulnerability
2019-08-19 19:27:23
mageia
mageia
Updated ruby-nokogiri packages fix security vulnerabilities
2021-02-04 16:40:24
suse
suse
Security update for rubygem-nokogiri (important)
2021-02-05 00:00:00
ibm
ibm
photon
photon