{
  "schema_version": "1.4.0",
  "id": "GHSA-q7wx-62r7-j2x7",
  "modified": "2023-03-14T19:07:20Z",
  "published": "2018-08-08T22:31:12Z",
  "aliases": [
    "CVE-2015-1819"
  ],
  "summary": "Nokogiri vulnerable to libxml XML Entity Expansion",
  "details": "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.",
  "severity": [],
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "nokogiri"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "1.6.6.0"
            },
            {
              "fixed": "1.6.6.4"
            }
          ]
        }
      ],
      "database_specific": {
        "last_known_affected_version_range": "<= 1.6.6.3"
      }
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1819"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sparklemotion/nokogiri/issues/1374"
    },
    {
      "type": "WEB",
      "url": "https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201507-08"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-37"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206166"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206167"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206169"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1419.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3430"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2812-1"
    },
    {
      "type": "WEB",
      "url": "http://xmlsoft.org/news.html"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-776"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:51:25Z",
    "nvd_published_at": null
  }
}