FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nokogiri -- Security vulnerability

Affected packages
rubygem-nokogiri < 1.11.0.rc3
rubygem-nokogiri18 < 1.11.0.rc3

Details

VuXML ID 13c54e6d-5c45-11eb-b4e2-001b217b3468
Discovery 2021-01-22
Entry 2021-01-22

Nokogiri reports:

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.

[source]

References

CVE Name CVE-2020-26247
URL https://nokogiri.org/CHANGELOG.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.