This repository was archived by the owner on Feb 14, 2024. It is now read-only.

Nokogiri implementation of libxslt vulnerable to heap corruption #33

@sniffler-app

Description

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.

Information

Manifest Path: Gemfile.lock

Please look at dependabot report: https://github.com/swipely/bubz/security/dependabot/118
