CVE-2022-24836
Severity: HIGH
Nokogiri < 1.13.4 - Inefficient Regular Expression Complexity in HTML Encoding Detection
Title source: llmDescription
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
References (11)
Mailing List, Third Party Advisory (vendor-advisory): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
Mailing List, Third Party Advisory (vendor-advisory): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
Mailing List, Third Party Advisory (vendor-advisory): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
Mailing List, Third Party Advisory (mailing-list): https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
Third Party Advisory (vendor-advisory): https://security.gentoo.org/glsa/202208-29
Mailing List, Third Party Advisory (mailing-list): https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
Mailing List, Third Party Advisory (mailing-list): http://seclists.org/fulldisclosure/2022/Dec/23
Patch, Third Party Advisory: https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
Third Party Advisory: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Third Party Advisory: https://support.apple.com/kb/HT213532
Scores
CVSS v3: 7.5
EPSS: 0.0335
EPSS Percentile: 87.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-1333, CWE-400
Status: published
Products (8)
apple/macos: 13.0 - 13.1
debian/debian_linux: 9.0
debian/debian_linux: 10.0
fedoraproject/fedora: 34
fedoraproject/fedora: 35
fedoraproject/fedora: 36
nokogiri/nokogiri: < 1.13.4
rubygems/nokogiri: 0 - 1.13.4 (RubyGems)
Published: Apr 11, 2022
Tracked Since: Feb 18, 2026