Summary
The fork of org.cyberneko.html
used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError
exception when parsing ill-formed HTML markup.
Severity
The maintainers have evaluated this as High Severity 7.5 (CVSS3.1).
Mitigation
Upgrade to >= 1.9.22.noko2
.
Credit
This vulnerability was reported by 이형관 (windshock).
References
CWE-400 Uncontrolled Resource Consumption
Notes
The upstream library org.cyberneko.html
is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.
Summary
The fork of
org.cyberneko.html
used by Nokogiri (Rubygem) raises ajava.lang.OutOfMemoryError
exception when parsing ill-formed HTML markup.Severity
The maintainers have evaluated this as High Severity 7.5 (CVSS3.1).
Mitigation
Upgrade to
>= 1.9.22.noko2
.Credit
This vulnerability was reported by 이형관 (windshock).
References
CWE-400 Uncontrolled Resource Consumption
Notes
The upstream library
org.cyberneko.html
is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.