[PA-4767] osx-10.15-x86_64 - NULL Pointer Dereference in nokogiri - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: High
Resolution: Done
Affects Version/s: None
Fix Version/s: puppet-agent 7.21.0
Component/s: None
Labels:
None

Epic Link:
Puppet Maintenance CY22 Q4
Team:
Phoenix
Story Points:
1
Sprint:
Phoenix 2022-11-09, Phoenix 2022-11-23
Method Found:
Needs Assessment

Release Notes:
Security Fix
Release Notes Summary:
Updates Nokogiri to 1.13.9, which addresses CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303 in Nokogiri's vendored libxml2 and CVE-2022-37434 in Nokogiri's vendored zlib.

QA Risk Assessment:
Needs Assessment

Description

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to NULL Pointer Dereference due to the usage of a vulnerable version of the bundled libxml2 package.

More about this issue

Vulnerability in osx-10.15-x86_64

Introduced through: nokogiri

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Attachments

Issue Links

links to

Snyk: Vulnerability in osx-10.15-x86_64 NULL Pointer Dereference

Activity

People

Assignee:: Michael Hashizume

Reporter:: Snyk Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2022/10/20 9:51 AM

Updated:: 2022/11/30 4:02 PM

Resolved:: 2022/11/11 3:15 PM