ГлавнаяУязвимости → CVE-2026-57235
8.2высокая

CVE-2026-57235

Описание

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.

Затрагиваемое ПО
Nokogiri Nokogiri
CVSS
Балл8.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Источники
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5prr-v3j2-97mh