{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-24836","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","dateUpdated":"2024-09-03T12:03:46.858Z","dateReserved":"2022-02-10T00:00:00.000Z","datePublished":"2022-04-11T00:00:00.000Z"},"containers":{"cna":{"title":"Inefficient Regular Expression Complexity in Nokogiri","providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2022-12-21T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue."}],"affected":[{"vendor":"sparklemotion","product":"nokogiri","versions":[{"version":"< 1.13.4","status":"affected"}]}],"references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8"},{"url":"https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd"},{"name":"FEDORA-2022-9ed7641ce0","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/"},{"name":"FEDORA-2022-132c6d7c2e","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/"},{"name":"FEDORA-2022-d231cb5e1f","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/"},{"name":"[debian-lts-announce] 20220513 [SECURITY] [DLA 3003-1] ruby-nokogiri security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html"},{"name":"GLSA-202208-29","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202208-29"},{"name":"[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"url":"https://support.apple.com/kb/HT213532"},{"name":"20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Dec/23"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-400: Uncontrolled Resource Consumption","cweId":"CWE-400"}]},{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-1333: Inefficient Regular Expression Complexity","cweId":"CWE-1333"}]}],"source":{"advisory":"GHSA-crjr-9rc5-ghw8","discovery":"UNKNOWN"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8","tags":["x_transferred"]},{"url":"https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd","tags":["x_transferred"]},{"name":"FEDORA-2022-9ed7641ce0","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/"},{"name":"FEDORA-2022-132c6d7c2e","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/"},{"name":"FEDORA-2022-d231cb5e1f","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/"},{"name":"[debian-lts-announce] 20220513 [SECURITY] [DLA 3003-1] ruby-nokogiri security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html"},{"name":"GLSA-202208-29","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202208-29"},{"name":"[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"url":"https://support.apple.com/kb/HT213532","tags":["x_transferred"]},{"name":"20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Dec/23"},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00010.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-09-03T12:03:46.858Z"}}]}}