Description
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
Scores
CVSS v3
7.5
EPSS
0.0134
EPSS Percentile
80.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-1333
CWE-400
Status
published
Products (8)
apple/macos
13.0 - 13.1
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
34
fedoraproject/fedora
35
fedoraproject/fedora
36
nokogiri/nokogiri
< 1.13.4
rubygems/nokogiri
0 - 1.13.4RubyGems
Published
Apr 11, 2022
Tracked Since
Feb 18, 2026