CVE-2012-6685

HIGH

Nokogiri < 1.5.4 - XML External Entity Injection

Title source: llm
STIX 2.1

Description

Nokogiri before 1.5.4 is vulnerable to XXE attacks

References (3)

Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/sparklemotion/nokogiri/issues/693
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1178970
Release Notes, Vendor Advisory x_refsource_confirm
https://nokogiri.org/CHANGELOG.html#154-2012-06-12

Scores

CVSS v3 7.5
EPSS 0.0211
EPSS Percentile 79.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-776
Status published
Products (10)
nokogiri/nokogiri < 1.5.4
redhat/cloudforms_management_engine 5.0
redhat/enterprise_mrg 2.0
redhat/openshift 2.0
redhat/openstack 4.0
redhat/openstack 6.0
redhat/openstack_foreman
redhat/satellite 6.0
redhat/subscription_asset_manager
rubygems/nokogiri 0 - 1.5.4RubyGems
Published Feb 19, 2020
Tracked Since Feb 18, 2026