Vulnerability Information
Vulnerability Title
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
Vulnerability Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.
CVSS Information
N/A
Vulnerability Type
Out-of-bounds Read
Vulnerability Title
Sparkle Motion Nokogiri Buffer Error Vulnerability
Vulnerability Description
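Sparkle Motion Nokogiri is an HTML, XML and SAX parsing library by the individual developer Sparkle Motion. Versions of Sparkle Motion Nokogiri prior to 1.19.4 contain a security vulnerability that stems from the index check using a 32-bit-truncated copy, which may lead to an out-of-bounds read.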
CVSS Information
N/A
Vulnerability Type
N/A
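
The bounds check on a 32-bit-truncated index described above, modelled in C beside a full-width check, as an added example. This is not Nokogiri's source code: the `model_set` type, the function names and the sample data are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an indexed collection; not Nokogiri's types. */
typedef struct { int32_t count; const int *items; } model_set;

/* Constructed sample data. */
static const int sample_items[3] = {10, 20, 30};
static const model_set sample = {3, sample_items};

/* Flawed pattern: the bounds decision is made on a 32-bit copy of the
 * index, so the high 32 bits never take part in the check. The narrowing
 * cast is implementation-defined in C; GCC and Clang wrap modulo 2^32. */
static bool in_bounds_truncated(const model_set *s, int64_t idx)
{
    int32_t narrow = (int32_t)idx;
    if (narrow < 0) narrow += s->count;   /* negative counts from the end */
    return narrow >= 0 && narrow < s->count;
}

/* Corrected pattern: normalise and compare at the index's full width. */
static bool in_bounds_full(const model_set *s, int64_t idx)
{
    if (idx < 0) idx += s->count;
    return idx >= 0 && idx < s->count;
}

/* True when the narrow check admits an index the full-width check rejects. */
static bool checks_disagree(const model_set *s, int64_t idx)
{
    return in_bounds_truncated(s, idx) && !in_bounds_full(s, idx);
}

/* Safe accessor: returns NULL instead of touching memory out of range. */
static const int *model_get(const model_set *s, int64_t idx)
{
    if (!in_bounds_full(s, idx)) return NULL;
    return &s->items[idx < 0 ? idx + s->count : idx];
}

int main(void)
{
    int64_t probes[] = {0, -1, 3, -INT64_C(4294967295)};
    for (size_t i = 0; i < 4; i++)
        printf("%lld narrow=%d full=%d\n", (long long)probes[i],
               in_bounds_truncated(&sample, probes[i]),
               in_bounds_full(&sample, probes[i]));
    return 0;
}
```

The same comparison can serve as a regression test when auditing other indexers: any index for which the two checks disagree marks a width mismatch between the check and the use.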