CVE-2019-11068: Bypass of a protection mechanism in libxslt

April 10, 2019 (updated June 14, 2019)

The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
github.com/sparklemotion/nokogiri/issues/1892
nvd.nist.gov/vuln/detail/CVE-2019-11068
people.canonical.com/~ubuntu-security/cve/CVE-2019-11068
security-tracker.debian.org/tracker/CVE-2019-11068

Code Behaviors & Features

Detect and mitigate CVE-2019-11068 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →