What is CVE-2022-29181?

CVE-2022-29181 is a high-severity vulnerability in Sparklemotion Nokogiri, classified under CWE-241. CVSS score: 8.2/10. Published 2022-05-20.

How severe is CVE-2022-29181?

High severity. CVSS v3 base score is 8.2 out of 10.

Vulnerability in Sparklemotion Nokogiri

CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors…

EPSS: 0.042 (88.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H.

Affected products

Sparklemotion Nokogiri — versions < 1.13.6

Weakness classification (CWE)

CWE-241

References

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m (x_refsource_CONFIRM)
https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7 (x_refsource_MISC)
https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267 (x_refsource_MISC)
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6 (x_refsource_MISC)
https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-29181?: CVE-2022-29181 is a high-severity vulnerability in Sparklemotion Nokogiri, classified under CWE-241. CVSS score: 8.2/10. Published 2022-05-20.
How severe is CVE-2022-29181?: High severity. CVSS v3 base score is 8.2 out of 10.