Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-4489

Nokogiri Vulnerability

    XMLWordPrintable

Details

    • Task
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • puppet-agent 7.17.0
    • None
    • Phoenix
    • 1
    •  CVE-2022-29181
    • Phoenix 2022-05-25
    • Security Fix
    • Fix for CVE-2022-29181
    • Needs Assessment

    Description

      A security vulnerability was discovered in Nokogiri that makes its handling of unexpected data types susceptible to exploitation.

      This vulnerability (CVE-2022-29181) is rated as an 8.2 (high) on the CVSS scale.

      Nokogiri 1.13.6 patches this vulnerability. agent-runtime-main currently includes 1.13.4.

      Security bulletin posted here: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

      Attachments

        Activity

          People

            Unassigned Unassigned
            michael.hashizume Michael Hashizume
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Zendesk Support