Nokogiri
CVE-2019-5477
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
AnalysisAI
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. Affected products include: Nokogiri, Canonical Ubuntu Linux, Debian Debian Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 8.2), this vulnerability is remotely
Nokogiri is an open source XML and HTML library for the Ruby programming language. Rated high severity (CVSS 7.5), this
Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 7.5), this vulnerability is remotely
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. Rated high sever
Out-of-bounds read in Nokogiri's `NodeSet#[]` method (all versions before 1.19.4) enables an attacker who can supply a l
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. Rated medium sev
NONET network restriction bypass in Nokogiri's JRuby implementation permits external resource fetching during XML Schema
Use-after-free in Nokogiri's CRuby XInclude processing (versions prior to 1.19.4) can leave Ruby wrapper objects pointin
Use-after-free in Nokogiri's CRuby implementation (versions prior to 1.19.4) allows an application crash via segfault wh
Heap use-after-free in Nokogiri's CRuby implementation (prior to 1.19.4) can corrupt process memory when application cod
Use-after-free in Nokogiri's CRuby native extension (versions prior to 1.19.4) can corrupt process memory or cause a seg
Null pointer dereference in Nokogiri prior to 1.19.4 crashes the Ruby process when application code incorrectly calls `.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today