CVE-2019-5477

Sažetak

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

Reference

https://hackerone.com/reports/650835
https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
https://github.com/sparklemotion/nokogiri/issues/1915
https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
https://usn.ubuntu.com/4175-1/
https://security.gentoo.org/glsa/202006-05
https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

14-10-2022 - 18:46

Objavljeno

16-08-2019 - 16:15