{"id":"GHSA-6wj9-77wq-jq7p","summary":"Nokogiri is vulnerable to XML External Entity (XXE) attack","details":"Nokogiri versions before 1.5.4 are vulnerable to XML External Entity (XXE) attacks. The issue is fixed in 1.5.4; the 1.5.4 release candidates are still listed as affected.","aliases":["CVE-2012-6685"],"modified":"2023-11-08T03:57:12.130741Z","published":"2022-04-23T00:40:45Z","database_specific":{"severity":"HIGH","github_reviewed":true,"cwe_ids":["CWE-776"],"nvd_published_at":"2020-02-19T15:15:00Z","github_reviewed_at":"2022-09-12T16:55:39Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6685"},{"type":"WEB","url":"https://github.com/sparklemotion/nokogiri/issues/693"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1178970"},{"type":"PACKAGE","url":"https://github.com/sparklemotion/nokogiri"},{"type":"WEB","url":"https://nokogiri.org/CHANGELOG.html#154-2012-06-12"}],"affected":[{"package":{"name":"nokogiri","ecosystem":"RubyGems","purl":"pkg:gem/nokogiri"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.4"}]}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.1.0","1.1.1","1.2.0","1.2.1","1.2.2","1.2.3","1.3.0","1.3.1","1.3.2","1.3.3","1.4.0","1.4.1","1.4.2","1.4.2.1","1.4.3","1.4.3.1","1.4.4","1.4.4.1","1.4.4.2","1.4.5","1.4.6","1.4.7","1.5.0","1.5.0.beta.1","1.5.0.beta.2","1.5.0.beta.3","1.5.0.beta.4","1.5.1","1.5.1.rc1","1.5.2","1.5.3","1.5.3.rc2","1.5.3.rc3","1.5.3.rc4","1.5.3.rc5","1.5.3.rc6","1.5.4.rc1","1.5.4.rc2","1.5.4.rc3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-6wj9-77wq-jq7p/GHSA-6wj9-77wq-jq7p.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}