漏洞类别:Local
漏洞等级: 
漏洞信息
Nokogiri is an HTML, XML, SAX, and Reader parser with XPath and CSS selector support.
Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.
Affected Versions:
nokogiri versions 1.6.0 through 1.6.7
漏洞危害
Successful exploitation allows a remote attacker to cause a denial of service condition or execute arbitrary code on the targeted system.
解决方案
Customers are advised to install nokogiri 1.6.8 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论