Inefficient Regular Expression Complexity
CVE-2022-24836
Summary
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri before v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri 1.13.4 or later. There are no known workarounds for this issue.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References
Advisory Timeline
- Published