Merge pull request #433 from p8/nokogiri-CVE-2020-7595
Add CVE-2020-7595 for nokogiri
phillmv committed Feb 25, 2020
2 parents d7f1839 + bfdf2d8 commit 309cacf
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions gems/nokogiri/CVE-2020-7595.yml
@@ -0,0 +1,20 @@
---
gem: nokogiri
cve: 2020-7595
url: https://github.com/sparklemotion/nokogiri/issues/1992
date: 2020-02-12
title: libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
description: |-
Nokogiri has backported the patch for CVE-2020-7595 into its vendored version
of libxml2, and released this as v1.10.8
CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and
so Nokogiri versions <= v1.10.7 are vulnerable.
patched_versions:
- ">= 1.10.8"

cvss_v2: 5.0
cvss_v3: 7.5
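
Review bot: the `description` says the backport went into Nokogiri's vendored libxml2, yet `patched_versions: ">= 1.10.8"` reads as if upgrading the gem is sufficient for every install. A Nokogiri built against a system libxml2 does not use the vendored copy, so one more sentence in the description saying those installs depend on a patched system library would prevent a false sense of coverage. The description also never states what the flaw does; the infinite loop appears only in `title`, so consider repeating it (and that the impact is a hang) in the description body. Minor: the sentence ending "released this as v1.10.8" is missing its full stop.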
