CVE-2019-11068: Bypass of a protection mechanism in libxslt
The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.