Summary
Nokogiri v1.13.4 updates the vendored org.cyberneko.html library to 1.9.22.noko2 which addresses CVE-2022-24839. That CVE is rated 7.5 (High Severity).
See GHSA-9849-p7jc-9rmv for more information.
Please note that this advisory only applies to the JRuby implementation of Nokogiri < 1.13.4.
Mitigation
Upgrade to Nokogiri >= 1.13.4.
Impact
- Severity: High 7.5
- Type: CWE-400 Uncontrolled Resource Consumption
- Description: The fork of
org.cyberneko.html used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup.
- See also: GHSA-9849-p7jc-9rmv
Summary
Nokogiri
v1.13.4updates the vendoredorg.cyberneko.htmllibrary to1.9.22.noko2which addresses CVE-2022-24839. That CVE is rated 7.5 (High Severity).See GHSA-9849-p7jc-9rmv for more information.
Please note that this advisory only applies to the JRuby implementation of Nokogiri
< 1.13.4.Mitigation
Upgrade to Nokogiri
>= 1.13.4.Impact
CVE-2022-24839 in nekohtml
org.cyberneko.htmlused by Nokogiri (Rubygem) raises ajava.lang.OutOfMemoryErrorexception when parsing ill-formed HTML markup.