MGASA-2022-0200
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 22 May 2022, 11:26
Last modified:16 Apr 2026, 04:23
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 May 2022, 11:26
Published
Vulnerability first disclosed
16 Apr 2026, 04:23
Last Modified
Vulnerability information updated
Description
Updated ruby-nokogiri packages fix security vulnerability Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a 'String' by calling '#to_s' or equivalent.
Affected Systems
- mageia•ruby-nokogiri
< 1.11.7-1.1.mga8
References (4)
- https://advisories.mageia.org/MGASA-2022-0200.html
- https://bugs.mageia.org/show_bug.cgi?id=30451
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4J4GGCK2IK6R7HJKHPGPCCZRBXEWHBVC/