nokogiri security issue


ahad rafiei

Jun 24, 2024, 9:39:51 AM
to nokogiri-talk
I use Rails and Ruby with these versions:
ruby '3.2.2', gem 'rails', '~> 7.1', '>= 7.1.3.2', and nokogiri version 1.16.6.
When I publish my project and analyze it with AWS Inspector, I get 3 security issues:
CVE-2016-4658
CVE-2017-7375
CVE-2017-7376

ahad rafiei

Jun 24, 2024, 9:39:53 AM
to nokogiri-talk
Hello

Mike Dalessio

Jun 24, 2024, 9:45:46 AM
to nokogi...@googlegroups.com
Hi,

Looking at these CVEs, they apply to the following versions of libxml2:

- CVE-2016-4658: "libxml2 before 2.9.5"
- CVE-2017-7375: libxml2 up to and including 2.9.4
- CVE-2017-7376: libxml2 up to (excluding) 2.9.5

Nokogiri 1.16.6 vendors libxml2 2.12.8.

Based on those facts, the results you're seeing seem to be incorrect. I have no idea what "aws inspector" is, but if you're paying for that product, I suggest you open an issue with them.
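
The version comparison described in the reply above, as an added example that is not part of the original thread or of Nokogiri itself. The helper names are hypothetical; the affected ranges and the 2.12.8 fallback are the values quoted in the thread.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Affected libxml2 ranges, exactly as quoted in the reply above.
AFFECTED_LIBXML2 = {
  "CVE-2016-4658" => Gem::Requirement.new("< 2.9.5"),
  "CVE-2017-7375" => Gem::Requirement.new("<= 2.9.4"),
  "CVE-2017-7376" => Gem::Requirement.new("< 2.9.5"),
}.freeze

# Hypothetical helper: { cve_id => affected? } for one libxml2 version string.
# Gem::Version compares segment by segment, so 2.12.8 sorts after 2.9.5;
# a plain string comparison would order them the other way round.
def libxml2_cve_status(version)
  v = Gem::Version.new(version)
  AFFECTED_LIBXML2.transform_values { |req| req.satisfied_by?(v) }
end

# Hypothetical helper: the reported CVE ids whose range excludes this version.
def findings_outside_range(findings, version)
  status = libxml2_cve_status(version)
  findings.select { |cve| status[cve] == false }
end

# libxml2 version Nokogiri loaded at runtime, or nil if Nokogiri is not installed.
def loaded_libxml2_version
  require "nokogiri"
  Nokogiri::VERSION_INFO.dig("libxml", "loaded")
rescue LoadError
  nil
end

if __FILE__ == $PROGRAM_NAME
  reported = %w[CVE-2016-4658 CVE-2017-7375 CVE-2017-7376] # from the scan in the thread
  version = loaded_libxml2_version || "2.12.8" # fallback: version named in the reply
  libxml2_cve_status(version).each do |cve, affected|
    puts format("%-14s libxml2 %-8s %s", cve, version, affected ? "AFFECTED" : "not in range")
  end
  puts "outside affected range: #{findings_outside_range(reported, version).join(', ')}"
end
```

Running it inside the deployed bundle reports the libxml2 version Nokogiri actually loaded, which is the value to compare against a scanner finding.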
