Vulnerabilities: 13 via 95 paths
Dependencies: 97
Source: GitHub
Commit: be511ba9

Severity: 6 high, 4 medium, 3 low

high severity

Expired Pointer Dereference

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Expired Pointer Dereference via the xmlSchematronGetNode() function in the Schematron validator. An attacker can cause a crash or execute arbitrary code by triggering use of freed memory.

Remediation

Upgrade nokogiri to version 1.18.9 or higher.

high severity

Expired Pointer Dereference

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Expired Pointer Dereference due to a null pointer dereference while processing XPath XML expressions. An attacker can cause a crash and disrupt service availability by sending specially crafted input that triggers the dereference.

Remediation

Upgrade nokogiri to version 1.18.9 or higher.

high severity

Out-of-bounds Read

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Out-of-bounds Read due to improper namespace processing of sch:name elements in the xmlSchematronFormatReport() function. An attacker can cause a denial of service or potentially execute arbitrary code by providing specially crafted XML input.

Remediation

Upgrade nokogiri to version 1.18.9 or higher.

high severity

Stack-based Buffer Overflow

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the xmlBuildQName function. An attacker can cause a crash and denial of service by supplying specially crafted XML input that triggers an integer overflow and subsequent stack buffer overflow.

Remediation

Upgrade nokogiri to version 1.18.9 or higher.

high severity

Use After Free

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Use After Free in the xmlSchemaItemListAdd() function in xmlschemas.c, which is exploitable by supplying a malicious .xsd schema for validation. It may also be exploitable when an xsd:keyref is provided in combination with recursively defined types that have additional identity constraints, for validation against a non-malicious schema.

Remediation

Upgrade nokogiri to version 1.18.3 or higher.

high severity

Stack-based Buffer Overflow

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the xmlSnprintfElements() function. An attacker can overwrite out-of-bounds stack memory with XML NCName data by supplying a malicious XML document or malicious DTD.

This vulnerability is similar to the previously reported and patched CVE-2017-9047 (https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBXML2-3004044).

Remediation

Upgrade nokogiri to version 1.18.3 or higher.

medium severity

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

  • Vulnerable module: rexml
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 kramdown-parser-gfm@1.1.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-avatar@0.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-commonmark-ghpages@0.5.1 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-default-layout@0.1.5 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-feed@0.17.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-github-metadata@2.16.1 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-include-cache@0.2.1 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-optional-front-matter@0.3.2 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-readme-index@0.3.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-redirect-from@0.16.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-relative-links@0.6.1 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-remote-theme@0.4.3 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-sitemap@1.4.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-architect@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-cayman@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-dinky@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-hacker@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-leap-day@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-merlot@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-midnight@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-minimal@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-modernist@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-primer@0.6.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-slate@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-tactile@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-time-machine@0.2.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-titles-from-headings@0.5.3 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 minima@2.5.1 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 minima@2.5.1 jekyll-feed@0.17.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-primer@0.6.0 jekyll-github-metadata@2.16.1 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-architect@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-cayman@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-dinky@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-hacker@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-leap-day@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-merlot@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-midnight@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-minimal@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-modernist@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-primer@0.6.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-slate@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-tactile@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-time-machine@0.2.0 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 minima@2.5.1 jekyll-seo-tag@2.8.0 jekyll@3.10.0 kramdown@2.4.0 rexml@3.4.0
    Remediation: Upgrade to github-pages@232.

Overview

rexml is an XML toolkit for Ruby.

Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') due to parsing XML. An attacker can cause excessive resource consumption and disrupt service availability by submitting specially crafted XML files containing multiple XML declarations.

Remediation

Upgrade rexml to version 3.4.2 or higher.

medium severity

Use After Free

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Use After Free through the numbers.c component. An attacker can cause memory corruption or execute arbitrary code by exploiting nested XPath evaluations where an XPath context node is modified but not restored.

Remediation

Upgrade nokogiri to version 1.18.4 or higher.

medium severity

Use After Free

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Use After Free through the xsltGetInheritedNsList process. An attacker can manipulate memory and potentially execute arbitrary code by excluding result prefixes.

Remediation

Upgrade nokogiri to version 1.18.4 or higher.

medium severity

Improper Removal of Sensitive Information Before Storage or Transfer

  • Vulnerable module: uri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 github-pages-health-check@1.18.2 octokit@4.25.1 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-gist@1.5.0 octokit@4.25.1 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-github-metadata@2.16.1 octokit@4.25.1 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 github-pages-health-check@1.18.2 octokit@4.25.1 sawyer@0.9.2 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-gist@1.5.0 octokit@4.25.1 sawyer@0.9.2 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-github-metadata@2.16.1 octokit@4.25.1 sawyer@0.9.2 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-primer@0.6.0 jekyll-github-metadata@2.16.1 octokit@4.25.1 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-primer@0.6.0 jekyll-github-metadata@2.16.1 octokit@4.25.1 sawyer@0.9.2 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.

Overview

Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the use of the + operator when combining URIs. An attacker can obtain sensitive user credentials by crafting a URI that, when merged with another, results in the unintended exposure of authentication information.

Note: This vulnerability is a bypass of the fix to CVE-2025-27221.

Remediation

Upgrade uri to version 0.12.5, 0.13.3, 1.0.4 or higher.

low severity

Buffer Under-read

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Buffer Under-read in the xmlSchemaIDCFillNodeTables() function. An attacker can cause partial denial of service by validating a malicious XML document against an XML schema using xsd:keyref in combination with recursively defined types that have additional identity constraints.

Remediation

Upgrade nokogiri to version 1.18.8 or higher.

low severity

Improper Removal of Sensitive Information Before Storage or Transfer

  • Vulnerable module: uri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 github-pages-health-check@1.18.2 octokit@4.25.1 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-gist@1.5.0 octokit@4.25.1 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-github-metadata@2.16.1 octokit@4.25.1 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 github-pages-health-check@1.18.2 octokit@4.25.1 sawyer@0.9.2 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-gist@1.5.0 octokit@4.25.1 sawyer@0.9.2 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-github-metadata@2.16.1 octokit@4.25.1 sawyer@0.9.2 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-primer@0.6.0 jekyll-github-metadata@2.16.1 octokit@4.25.1 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-theme-primer@0.6.0 jekyll-github-metadata@2.16.1 octokit@4.25.1 sawyer@0.9.2 faraday@2.12.2 faraday-net_http@3.4.0 net-http@0.6.0 uri@1.0.2
    Remediation: Upgrade to github-pages@232.

Overview

Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the URI#join, URI#merge, and URI#+ methods, which may expose stored credentials from userinfo after the host is replaced. An attacker can cause a URL to a malicious host to be generated that still contains fields such as user:password, exposing that information when the victim accesses the URL.

Remediation

Upgrade uri to version 0.11.3, 0.12.4, 0.13.2, 1.0.3 or higher.

low severity

Stack-based Buffer Overflow

  • Vulnerable module: nokogiri
  • Introduced through: github-pages@232

Detailed paths

  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jekyll-mentions@1.6.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.
  • Introduced through: nsnull0/meself:Gemfile.lock@nsnull0/meself#be511ba9cdb9340c72c45e71aed397dff3d9bb68 github-pages@232 jemoji@0.13.0 html-pipeline@2.14.3 nokogiri@1.17.2-arm64-darwin
    Remediation: Upgrade to github-pages@232.

Overview

nokogiri is a gem for parsing HTML, XML, SAX, and Reader.

Affected versions of this package are vulnerable to Stack-based Buffer Overflow due to unsafe use of strcpy() in the xmllint interactive shell command tool. An attacker can cause a crash by providing an overly long argument to any shell command during an interactive session.

Note: This vulnerability affects only the interactive shell and requires that an attacker can influence or control the command input to xmllint, which is uncommon in typical deployments.

Remediation

Upgrade nokogiri to version 1.18.9 or higher.
