View all vulnerabilities

CVE-2020-7595

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
7.5
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
nokogiri < 1.10.8
Severity
High
Ecosystem
Publish Date
February 24, 2020
Modified Date
March 8, 2024