CVE-2019-5477 | CRITICAL | CVSS 9.8 | fixed in rexical 1.0.7-1 (bookworm) | 2019
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versio
debian