CVE-2019-5815: Access of Resource Using Incompatible Type (Type Confusion)

December 11, 2019 (updated December 13, 2019)

Type confusion in xsltNumberFormatGetMultipleLevel in libxslt, which is included in nokogiri, could allow attackers to potentially exploit heap corruption via crafted XML data.

References

bugs.chromium.org/p/chromium/issues/detail?id=930663
gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
nvd.nist.gov/vuln/detail/CVE-2019-5815

Detect and mitigate CVE-2019-5815 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →