CVE-2012-6685: XML External Entity (XXE) Expansion Internal Network Response Remote

February 19, 2020 (updated February 25, 2020)

Nokogiri is vulnerable to XXE attacks.

References

bugzilla.redhat.com/show_bug.cgi?id=1178970
github.com/sparklemotion/nokogiri/commit/599856367150709497a3a03bee930bd76504d95d
github.com/sparklemotion/nokogiri/issues/693
nokogiri.org/CHANGELOG.html
nvd.nist.gov/vuln/detail/CVE-2012-6685

Detect and mitigate CVE-2012-6685 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →