Summary
The fork of org.cyberneko.html used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup.
Severity
The maintainers have evaluated this as High Severity 7.5 (CVSS3.1).
Mitigation
Upgrade to >= 1.9.22.noko2.
Credit
This vulnerability was reported by 이형관 (windshock).
References
CWE-400 Uncontrolled Resource Consumption
Notes
The upstream library org.cyberneko.html is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.
Summary
The fork of
org.cyberneko.htmlused by Nokogiri (Rubygem) raises ajava.lang.OutOfMemoryErrorexception when parsing ill-formed HTML markup.Severity
The maintainers have evaluated this as High Severity 7.5 (CVSS3.1).
Mitigation
Upgrade to
>= 1.9.22.noko2.Credit
This vulnerability was reported by 이형관 (windshock).
References
CWE-400 Uncontrolled Resource Consumption
Notes
The upstream library
org.cyberneko.htmlis no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.