CVE-2020-7595

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

Description

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

RPM

Publish Date

February 24, 2020

Modified Date

March 8, 2024

Score Vector

Affected Versions