Debian Ruby-Nokogiri vulnerabilities

11 known vulnerabilities affecting debian/ruby-nokogiri.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, LOW 8

Vulnerabilities

CVE-2025-6494 | LOW | CVSS 4.8 | 2025
[MEDIUM] ruby-nokogiri: A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public an

CVE-2025-6490 | LOW | CVSS 4.8 | 2025
[MEDIUM] ruby-nokogiri: A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and m

CVE-2022-23476 | HIGH | CVSS 7.5 | fixed in ruby-nokogiri 1.13.10+dfsg-1 (bookworm) | 2022
[HIGH] ruby-nokogiri: Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. For applications using `XML::Reader` to parse untrusted i

CVE-2022-24836 | HIGH | CVSS 7.5 | fixed in ruby-nokogiri 1.13.5+dfsg-1 (bookworm) | 2022
[HIGH] ruby-nokogiri: Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` c... Nokogiri `= 1.13.4`. There are no known workarounds for this issue.
Scope: local
  bookworm: resolved (fixed in 1.13.5+dfsg-1)
  bullseye: resolved (fixed in 1.11.1+dfsg-2+deb11u1)
  forky: resolved (fixed in 1.13.5+dfsg-1)
  sid: resolved (fixed in 1.13.5+dfsg-1)
  trixie: resolved (fixed in 1.13.5+dfsg-1)

CVE-2022-29181 | LOW | CVSS 8.2 | fixed in ruby-nokogiri 1.13.7+dfsg-1 (bookworm) | 2022
[HIGH] ruby-nokogiri: Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the unt

CVE-2021-41098 | LOW | CVSS 7.5 | 2021
[HIGH] ruby-nokogiri: Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or

CVE-2020-26247 | LOW | CVSS 2.6 | fixed in ruby-nokogiri 1.11.1+dfsg-1 (bookworm) | 2020
[LOW] ruby-nokogiri: Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is co

CVE-2019-5477 | CRITICAL | CVSS 9.8 | fixed in rexical 1.0.7-1 (bookworm) | 2019
[CRITICAL] rexical: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versio

CVE-2013-6460 | LOW | CVSS 6.5 | 2013
[MEDIUM] ruby-nokogiri: Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents.
Scope: local
  bookworm: resolved
  bullseye: resolved
  forky: resolved
  sid: resolved
  trixie: resolved

CVE-2013-6461 | LOW | CVSS 6.5 | 2013
[MEDIUM] ruby-nokogiri: Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits.
Scope: local
  bookworm: resolved
  bullseye: resolved
  forky: resolved
  sid: resolved
  trixie: resolved

CVE-2012-6685 | LOW | CVSS 7.5 | fixed in ruby-nokogiri 1.5.4-1 (bookworm) | 2012
[HIGH] ruby-nokogiri: Nokogiri before 1.5.4 is vulnerable to XXE attacks.
Scope: local
  bookworm: resolved (fixed in 1.5.4-1)
  bullseye: resolved (fixed in 1.5.4-1)
  forky: resolved (fixed in 1.5.4-1)
  sid: resolved (fixed in 1.5.4-1)
  trixie: resolved (fixed in 1.5.4-1)