ByteOS Network

Vulnerability Details :

CVE-2022-29181

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-20 May, 2022 | 00:00

Updated At-27 May, 2025 | 14:51

Improper Handling of Unexpected Data Type in Nokogiri

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_M

Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa

Published At:20 May, 2022 | 00:00

Updated At:27 May, 2025 | 14:51

▼CVE Numbering Authority (CNA)

Improper Handling of Unexpected Data Type in Nokogiri

Affected Products

Vendor

Sparkle Motion

Product

nokogiri

Versions

Affected

< 1.13.6

Problem Types

Type	CWE ID	Description
CWE	CWE-241	CWE-241: Improper Handling of Unexpected Data Type

Type: CWE

CWE ID: CWE-241

Description: CWE-241: Improper Handling of Unexpected Data Type

Metrics

Version	Base score	Base severity	Vector
3.1	8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Version: 3.1

Base score: 8.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

References

Hyperlink	Resource
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m	x_refsource_CONFIRM
https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7	x_refsource_MISC
https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267	x_refsource_MISC
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6	x_refsource_MISC
https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri	x_refsource_MISC

Hyperlink: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7

Resource:

x_refsource_MISC

Hyperlink: https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267

Resource:

x_refsource_MISC

Hyperlink: https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6

Resource:

x_refsource_MISC

Hyperlink: https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m	x_transferred
https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267	x_transferred
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6	x_transferred
https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/	x_transferred
https://security.gentoo.org/glsa/202208-29	vendor-advisory x_transferred
https://support.apple.com/kb/HT213532	x_transferred
http://seclists.org/fulldisclosure/2022/Dec/23	mailing-list x_transferred

Hyperlink: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Resource:

x_transferred

Hyperlink: https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267

Resource:

x_transferred

Hyperlink: https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6

Resource:

x_transferred

Hyperlink: https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/

Resource:

x_transferred

Hyperlink: https://security.gentoo.org/glsa/202208-29

Resource:

vendor-advisory

x_transferred

Hyperlink: https://support.apple.com/kb/HT213532

Resource:

x_transferred

Hyperlink: http://seclists.org/fulldisclosure/2022/Dec/23

Resource:

mailing-list

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-advisories@github.com

Published At:20 May, 2022 | 19:15

Updated At:27 May, 2025 | 15:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Primary	3.1	8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Primary	2.0	6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P

Type: Secondary

Version: 3.1

Base score: 8.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Type: Primary

Version: 3.1

Base score: 8.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Type: Primary

Version: 2.0

Base score: 6.4

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:P

CPE Matches

Sparkle Motion

>>nokogiri>>Versions before 1.13.6(exclusive)

cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*

Apple Inc.

>>macos>>Versions from 13.0(inclusive) to 13.1(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-241	Secondary	security-advisories@github.com
CWE-843	Primary	nvd@nist.gov

CWE ID: CWE-241

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-843

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7	security-advisories@github.com	N/A
https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267	security-advisories@github.com	Patch Third Party Advisory
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6	security-advisories@github.com	Release Notes Third Party Advisory
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m	security-advisories@github.com	Issue Tracking Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri	security-advisories@github.com	N/A
http://seclists.org/fulldisclosure/2022/Dec/23	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6	af854a3a-2127-422b-91ae-364da2661108	Release Notes Third Party Advisory
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/202208-29	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory
https://support.apple.com/kb/HT213532	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

Hyperlink: https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267

Source: security-advisories@github.com

Resource:

Patch

Third Party Advisory

Hyperlink: https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6

Source: security-advisories@github.com

Resource:

Release Notes

Third Party Advisory

Hyperlink: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m

Source: security-advisories@github.com

Resource:

Issue Tracking

Third Party Advisory

Hyperlink: https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri

Source: security-advisories@github.com

Resource: N/A

Hyperlink: http://seclists.org/fulldisclosure/2022/Dec/23