Home

CVE-2022-24836

Description

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.454

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-24836,CVE-2018-25032 are fixed in Ruby-nokogiri 1.13.4Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1Windows
Multiple vulnerabilities are fixed in Mac OS - Ventura 13.1 (Software Update) - AutoRebootMac
(RHSA-2022:8506) Satellite 6.12 Release foreman-cli-3.3.0.17-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release python39-pulp_manifest-3.0.0-3.el8pc.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-gssapi-1.2.0-8.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release satellite-cli-6.12.0-4.el8sat.noarch.rpmLinux
(RHSA-2022:8506) Satellite 6.12 Release satellite-clone-3.2.0-1.el8sat.noarch.rpmLinux
SUSE-SU-2022:4015-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) ruby2.5-rubygem-nokogiri-1.8.5-150000.3.9.1.x86_64.rpmLinux
SUSE-SU-2022:4016-1(SUSE Linux Enterprise Module for Basesystem 15-SP4 ) ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1.x86_64.rpmLinux
Vulnerabilities CVE-2022-24836,CVE-2018-25032 are fixed in Ruby-nokogiri for Linux 1.13.4Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-611601Mac OS - Ventura 13.7.7 (Software Update) (Auto Reboot)(Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234