This repository has been archived by the owner on Aug 27, 2019. It is now read-only.

bundle update #11

Merged

touhouota merged 1 commit into develop from bundle_update

Aug 13, 2019

Owner

touhouota commented Aug 12, 2019

nokogiri
- CHANGELOG
  - A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.
  - This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
  - This CVE's public notice is CVE-2019-5477 - Nokogiri Command Injection Vulnerability sparklemotion/nokogiri#1915
- Compare URL
  - sparklemotion/nokogiri@v1.10.3...v1.10.4


          bundle update

6319d6f

touhouota merged commit 0cd4b97 into develop

touhouota deleted the bundle_update branch

August 13, 2019 15:06

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.