{"id":"MGASA-2022-0200","summary":"Updated ruby-nokogiri packages fix security vulnerability","details":"Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers,\nallowing specially crafted untrusted inputs to cause illegal memory access\nerrors (segfault) or reads from unrelated memory. Version 1.13.6 contains\na patch for this issue. As a workaround, ensure the untrusted input is a\n'String' by calling '#to_s' or equivalent.\n","modified":"2026-04-16T00:12:09.916606480Z","published":"2022-05-22T11:26:36Z","upstream":["CVE-2022-29181"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0200.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30451"},{"type":"ADVISORY","url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4J4GGCK2IK6R7HJKHPGPCCZRBXEWHBVC/"}],"affected":[{"package":{"name":"ruby-nokogiri","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ruby-nokogiri?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.7-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0200.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}