HIGH7.8
Уязвимость файла numbers.ct библиотеки libxslt, позволяющая нарушителю выполнить произвольный код
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:HCVSS 2.0MEDIUM 5.6
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:C/A:CReferences
Severity:
Closed issues (5)
HIGH7.8
Уязвимость функции xsltGetInheritedNsList библиотеки libxslt, позволяющая нарушителю оказать влияние на целостность и доступность защищаемой информации
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:HCVSS 2.0MEDIUM 5.6
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:C/A:CReferences
HIGH7.8
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HHIGH7.8
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HHIGH7.8
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:HReferences
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664
- https://nvd.nist.gov/vuln/detail/CVE-2024-55549
- https://nvd.nist.gov/vuln/detail/CVE-2025-24855
- https://github.com/sparklemotion/nokogiri
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/128