This repository was archived by the owner on Feb 3, 2023. It is now read-only.

Conversation

@mik-patient

Vulnerability Description

The Nokogiri maintainers have evaluated this as High Severity 7.5 (CVSS3.0) for JRuby users. XXE Injection is a type of attack against an application that parses XML input. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.

CVE-2021-41098
CWE-611
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GitHub Advisory
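
Added example, not part of the pull request comment above and not Nokogiri code: a Ruby pre-parse guard that reports the external-entity and external-DTD declarations the description refers to, so untrusted XML can be refused before any parser sees it. The function names and the `example.invalid` URIs are constructed for illustration, and the guard assumes UTF-8 input.

```ruby
# Added example (not Nokogiri code): refuse untrusted XML that declares external
# references. Assumption: callers send UTF-8; anything else is refused.

LITERAL = /"[^"]*"|'[^']*'/
# <!DOCTYPE root SYSTEM "uri"> or <!DOCTYPE root PUBLIC "pubid" "uri">
DOCTYPE = /<!DOCTYPE\s+(?<root>[^\s>\[]+)(?:\s+(?:SYSTEM|PUBLIC\s+#{LITERAL})\s+(?<uri>#{LITERAL}))?/
# <!ENTITY name SYSTEM "uri"> and the parameter form <!ENTITY % name ...>
ENTITY = /<!ENTITY\s+(?<pe>%\s+)?(?<name>[^\s>%]+)\s+(?:SYSTEM|PUBLIC\s+#{LITERAL})\s+(?<uri>#{LITERAL})/

def unquote(literal)
  literal[1..-2]
end

# Returns one hash per external reference declared in the document.
# Declarations inside XML comments are also reported: the guard fails closed.
def external_references(xml)
  text = xml.dup.force_encoding(Encoding::UTF_8)
  # UTF-16/32 input would hide the declarations from these patterns.
  unless text.valid_encoding? && !text.include?("\0")
    return [{ kind: :undecodable, name: nil, uri: nil }]
  end
  found = []
  text.scan(DOCTYPE) do
    m = Regexp.last_match
    found << { kind: :external_subset, name: m[:root], uri: unquote(m[:uri]) } if m[:uri]
  end
  text.scan(ENTITY) do
    m = Regexp.last_match
    kind = m[:pe] ? :parameter_entity : :general_entity
    found << { kind: kind, name: m[:name], uri: unquote(m[:uri]) }
  end
  found
end

def accept_untrusted_xml?(xml)
  external_references(xml).empty?
end

# Constructed sample documents; the URIs are placeholders.
PLAIN    = '<?xml version="1.0"?><order><id>42</id></order>'
INTERNAL = '<!DOCTYPE note [<!ENTITY greet "hello">]><note>&greet;</note>'
EXTERNAL = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE order SYSTEM "http://example.invalid/order.dtd" [
    <!ENTITY ref SYSTEM "http://example.invalid/ref.txt">
    <!ENTITY % ext PUBLIC "-//EXAMPLE//DTD//EN" 'http://example.invalid/ext.dtd'>
  ]>
  <order>&ref;</order>
XML
```

A guard like this complements, and does not replace, configuring the parser itself so that it does not resolve external entities.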
