AVG-2424 log

Package ruby-nokogiri
Status Not affected
Severity High
Type xml external entity injection
Affected 1.12.2-1
Fixed Not affected
Current 1.13.9-1 [extra]
Ticket None
Created Tue Sep 28 08:43:35 2021
Issue Severity Remote Type Description
CVE-2021-41098 High Yes Xml external entity injection
In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted...