Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
Vulnerability Description
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. This vulnerability is fixed in 1.19.4.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
Sparkle Motion Nokogiri 资源管理错误漏洞
Vulnerability Description
Sparkle Motion Nokogiri是Sparkle Motion个人开发者的一个HTML、XML和SAX解析库。 Sparkle Motion Nokogiri 1.19.4之前版本存在资源管理错误漏洞,该漏洞源于在设置文档根节点时验证不足,导致垃圾回收或终止期间出现堆释放后重用,可能导致无效内存读取或段错误。
CVSS Information
N/A
Vulnerability Type
N/A