Lucene search
Veracode Vulnerability DatabaseVERACODE:28861HistoryDec 31, 2020 - 4:29 a.m.
XML External Entity (XXE)
2020-12-3104:29:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
0.002 Low
EPSS
Percentile
53.1%
Nokogiri is vulnerable to XML external entity (XXE) attack. The vulnerability exist as the external DTDs are enabled by default in the XML parser, which would allow an attacker to submit requests on behalf of the server and gain access to internal and local resources.
References
github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b
github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
hackerone.com/reports/747489
lists.debian.org/debian-lts-announce/2021/06/msg00007.html
rubygems.org/gems/nokogiri
Related
cve
cve
CVE-2020-26247
2020-12-30 19:15:12
freebsd
freebsd
nokogiri -- Security vulnerability
2021-01-22 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0068
2021-07-24 00:00:00
Moderate Photon OS Security Update - PHSA-2021-4.0-0068
2021-07-24 00:00:00
osv
osv
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability
2020-12-30 18:35:06
CVE-2020-26247
2020-12-30 19:15:12
ruby-nokogiri - security update
2021-06-06 00:00:00
alpinelinux
alpinelinux
CVE-2020-26247
2020-12-30 19:15:12
ubuntucve
ubuntucve
CVE-2020-26247
2020-12-30 00:00:00
nessus
nessus
FreeBSD : nokogiri -- Security vulnerability (13c54e6d-5c45-11eb-b4e2-001b217b3468)
2021-01-22 00:00:00
Debian DLA-2678-1 : ruby-nokogiri security update
2021-06-07 00:00:00
Photon OS 4.0: Rubygem PHSA-2021-4.0-0068
2021-07-27 00:00:00
cvelist
cvelist
CVE-2020-26247 XXE in Nokogiri
2020-12-30 00:00:00
debian
debian
[SECURITY] [DLA 2678-1] ruby-nokogiri security update
2021-06-06 19:00:59
[SECURITY] [DLA 3149-1] ruby-nokogiri security update
2022-10-12 14:46:03
nvd
nvd
CVE-2020-26247
2020-12-30 19:15:12
github
github
prion
prion
Design/Logic Flaw
2020-12-30 19:15:00
openvas
openvas
Debian: Security Advisory (DLA-2678-1)
2021-06-07 00:00:00
openSUSE: Security Advisory for rubygem-nokogiri (openSUSE-SU-2021:0237-1)
2021-04-16 00:00:00
Mageia: Security Advisory (MGASA-2021-0063)
2022-01-28 00:00:00
redhatcve
redhatcve
CVE-2020-26247
2021-01-04 15:32:11
debiancve
debiancve
CVE-2020-26247
2020-12-30 19:15:12
suse
suse
Security update for rubygem-nokogiri (important)
2021-02-05 00:00:00
mageia
mageia
Updated ruby-nokogiri packages fix security vulnerabilities
2021-02-04 16:40:24
gentoo
gentoo
Nokogiri: Multiple Vulnerabilities
2022-08-14 00:00:00
redhat
redhat
(RHSA-2021:5191) Moderate: Red Hat 3scale API Management 2.11.1 Release - Container Images
2021-12-16 15:58:47
(RHSA-2021:4702) Moderate: Satellite 6.10 Release
2021-11-16 13:58:57