
Commit 268a38c

jasnow authored and RubySec CI committed

Updated advisory posts against rubysec/ruby-advisory-db@305a6b3

1 parent e97efb3 commit 268a38c

1 file changed: +52 -0 lines changed
@@ -0,0 +1,52 @@
1+
---
2+
layout: advisory
3+
title: 'GHSA-mrxw-mxhj-p664 (nokogiri): Nokogiri updates packaged libxslt to v1.1.43
4+
to resolve multiple CVEs'
5+
comments: false
6+
categories:
7+
- nokogiri
8+
advisory:
9+
gem: nokogiri
10+
ghsa: mrxw-mxhj-p664
11+
url: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664
12+
title: Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
13+
date: 2025-03-14
14+
description: |
15+
## Summary
16+
17+
Nokogiri v1.18.4 upgrades its dependency libxslt to
18+
[v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43).
19+
20+
libxslt v1.1.43 resolves:
21+
22+
- CVE-2025-24855: Fix use-after-free of XPath context node
23+
- CVE-2024-55549: Fix UAF related to excluded namespaces
24+
25+
## Impact
26+
27+
### CVE-2025-24855
28+
29+
- "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node"
30+
- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
31+
- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
32+
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855
33+
34+
### CVE-2024-55549
35+
36+
- "Use-after-free related to excluded result prefixes"
37+
- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
38+
- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
39+
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549
40+
cvss_v3: 7.8
41+
patched_versions:
42+
- ">= 1.18.4"
43+
related:
44+
url:
45+
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664
46+
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
47+
- https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
48+
- https://github.com/advisories/GHSA-mrxw-mxhj-p664
49+
cve:
50+
- https://nvd.nist.gov/vuln/detail/CVE-2024-55549
51+
- https://nvd.nist.gov/vuln/detail/CVE-2025-24855
52+
---
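Review bot: the `description` block never states that the remediation applies only to the libxslt that Nokogiri packages, even though the title scopes the fix to "packaged libxslt" and `patched_versions: ">= 1.18.4"` is the only remediation recorded in the advisory; a reader who consumes `patched_versions` alone will treat the gem upgrade as sufficient when the libxslt actually linked is the one that matters. Suggest adding one sentence under `## Summary`, for example "This advisory covers the libxslt bundled with the nokogiri gem; builds that link a separately installed libxslt need that library at v1.1.43 or later", so the scope in the title is carried into the machine-readable record. Minor: `cvss_v3: 7.8` carries the score only while the vector `CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H` appears twice in the prose; the score is consistent with that vector, so this is a presentation point rather than an error.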
