Vulnerability identifier: #VU64190

Vulnerability risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24836

CWE-ID: CWE-185

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nokogiri
Universal components / Libraries / Programming Languages & Components

Vendor: nokogiri.org

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to usage of an incorrect regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. A remote attacker can bypass implemented restrictions.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Nokogiri: 1.4.4 - 1.13.3

---

External links
http://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
http://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
http://lists.debian.org/debian-lts-announce/2022/05/msg00013.html

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.