WS-2022-0089 (High) detected in nokogiri-1.12.5.gem - autoclosed

Question

WS-2022-0089 (High) detected in nokogiri-1.12.5.gem - autoclosed

mend-for-github-com opened this issue 2 years ago · comments

mend-for-github-com commented 2 years ago

WS-2022-0089 - High Severity Vulnerability

Vulnerable Library - nokogiri-1.12.5.gem

Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. It provides a sensible, easy-to-understand API for reading, writing, modifying, and querying documents. It is fast and standards-compliant by relying on native parsers like libxml2 (C) and xerces (Java).

Library home page: https://rubygems.org/gems/nokogiri-1.12.5.gem

Dependency Hierarchy:

❌ nokogiri-1.12.5.gem (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Nokogiri before version 1.13.2 is vulnerable.

Publish Date: 2022-03-01

URL: WS-2022-0089

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-fq42-c5rg-92c2

Release Date: 2022-03-01

Fix Resolution: nokogiri - v1.13.2

mend-for-github-com · Answer 1 · Fri May 06 2022 15:38:22 GMT+0800 (China Standard Time)

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.