Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser
Version 1.13.9-1 [extra]


Group Affected Fixed Severity Status Ticket
AVG-2424 1.12.2-1 High Not affected
Issue Group Severity Remote Type Description
CVE-2021-41098 AVG-2424 High Yes Xml external entity injection
In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted...