CVE-2021-41098 log

Severity High
Remote Yes
Type Xml external entity injection
In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser.
Group Package Affected Fixed Severity Status Ticket
AVG-2425 logstash 7.10.2-1 High Not affected
AVG-2424 ruby-nokogiri 1.12.2-1 High Not affected