Vulnerability Description
Nokogiri before 1.5.4 is vulnerable to XML External Entity (XXE) attacks.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nokogiri | Nokogiri | < 1.5.4 |
| Redhat | Cloudforms Management Engine | 5.0 |
| Redhat | Openshift | 2.0 |
| Redhat | Openstack | 4.0 |
| Redhat | Openstack Foreman | - |
| Redhat | Satellite | 6.0 |
| Redhat | Subscription Asset Manager | - |
| Redhat | Enterprise Mrg | 2.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1178970 (Issue Tracking, Third Party Advisory)
- https://github.com/sparklemotion/nokogiri/issues/693 (Exploit, Issue Tracking, Third Party Advisory)
- https://nokogiri.org/CHANGELOG.html#154-2012-06-12 (Release Notes, Vendor Advisory)
FAQ
What is CVE-2012-6685?
CVE-2012-6685 is a vulnerability with a CVSS score of 7.5 (HIGH). Nokogiri before 1.5.4 is vulnerable to XXE attacks.
How severe is CVE-2012-6685?
CVE-2012-6685 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-6685?
Check the references section above for vendor advisories and patch information. Affected products include: Nokogiri Nokogiri, Redhat Cloudforms Management Engine, Redhat Openshift, Redhat Openstack, Redhat Openstack Foreman.