FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nokogiri -- Security vulnerability

Affected packages
rubygem-nokogiri < 1.11.0.rc3
rubygem-nokogiri18 < 1.11.0.rc3

Details

VuXML ID: 13c54e6d-5c45-11eb-b4e2-001b217b3468
Discovery: 2021-01-22
Entry: 2021-01-22

Nokogiri reports:

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema were trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.

References

CVE Name: CVE-2020-26247
URL: https://nokogiri.org/CHANGELOG.html