Home

CVE-2019-5477

Description

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Rubys Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
5.874

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-5477 are fixed in Ruby-nokogiri 1.10.4Windows
Vulnerabilities CVE-2019-5477 are fixed in Ruby-rexical 1.0.7Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1Windows
HTML, XML, SAX, and Reader parser for Ruby (USN-4175-1) ruby-nokogiri_1.8.2-1ubuntu0.1_i386.debLinux
HTML, XML, SAX, and Reader parser for Ruby (USN-4175-1) ruby-nokogiri_1.8.2-1ubuntu0.1_amd64.debLinux
HTML, XML, SAX, and Reader parser for Ruby (USN-4175-1) ruby-nokogiri_1.6.7.2-3ubuntu0.1_i386.debLinux
HTML, XML, SAX, and Reader parser for Ruby (USN-4175-1) ruby-nokogiri_1.6.7.2-3ubuntu0.1_amd64.debLinux
HTML, XML, SAX, and Reader parser for Ruby (USN-4175-1) ruby-nokogiri_1.10.0+dfsg1-2ubuntu0.1_i386.debLinux
HTML, XML, SAX, and Reader parser for Ruby (USN-4175-1) ruby-nokogiri_1.10.0+dfsg1-2ubuntu0.1_amd64.debLinux
HTML, XML, SAX, and Reader parser for Ruby (USN-4175-1) ruby-nokogiri_1.10.3+dfsg1-2ubuntu0.1_i386.debLinux
HTML, XML, SAX, and Reader parser for Ruby (USN-4175-1) ruby-nokogiri_1.10.3+dfsg1-2ubuntu0.1_amd64.debLinux
Vulnerabilities CVE-2019-5477 are fixed in Ruby-nokogiri for Linux 1.10.4Linux
Vulnerabilities CVE-2019-5477 are fixed in Ruby-rexical for Linux 1.0.7Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234