7.1

CVSS Score

Basic Information

CVE ID

CVE-2015-5312

GHSA ID

GHSA-xjqg-9jvg-fgx2

EPSS Score

0.87123%

CWE

CWE-400

Published

8/21/2018

Updated

8/25/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2015-5312

CVE-2015-5312: Nokogiri subject to DoS via libxml2 vulnerability

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 (as used in nokogiri before 1.6.7.1) does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

(GitHub Advisory)

7.1

CVSS Score

Basic Information

CVE ID

CVE-2015-5312

GHSA ID

GHSA-xjqg-9jvg-fgx2

EPSS Score

0.87123%

CWE

CWE-400

Published

8/21/2018

Updated

8/25/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nokogiri	rubygems	>= 1.6.0, <= 1.6.7.0	1.6.7.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

T** xmlStrin*L*n***o***ntiti*s *un*tion in p*rs*r.* in li*xml* ***or* *.*.* (*s us** in noko*iri ***or* *.*.*.*) *o*s not prop*rly pr*v*nt *ntity *xp*nsion, w*i** *llows *ont*xt-**p*n**nt *tt**k*rs to **us* * **ni*l o* s*rvi** (*PU *onsumption) vi* *

Reasoning

No *n*lysis *v*il**l*

7.1

Basic Information

Concerned about an active attack path?

CVE-2015-5312: Nokogiri subject to DoS via libxml2 vulnerability

7.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI