CVE-2015-8806: Denial of service or RCE from libxml2 and libxslt

April 13, 2016 (updated June 30, 2017)

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.

References

www.ubuntu.com/usn/usn-2994-1/
github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
github.com/sparklemotion/nokogiri/issues/1473
mail.gnome.org/archives/xml/2016-May/msg00023.html

Detect and mitigate CVE-2015-8806 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →