Inefficient Regular Expression Complexity

CVE-2022-24836

Severity High
Score 7.5/10

Summary

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri before v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri 1.13.4 or later. There are no known workarounds for this issue.
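One way to check a project against the fixed version named above is shown below. This is an added example, not code from the advisory or from the Nokogiri project; the function and constant names are hypothetical, and the lockfile content is constructed sample data.

```ruby
# Added example: flag resolved Nokogiri versions in a Gemfile.lock that
# predate the fixed release named in the advisory (1.13.4).
require "rubygems" # provides Gem::Version (normally already loaded)

FIXED_VERSION = Gem::Version.new("1.13.4") # taken from the advisory text

# Resolved specs are indented four spaces, e.g. "    nokogiri (1.13.3)" or
# "    nokogiri (1.13.3-x86_64-linux)". Six-space lines are dependency
# constraints of other gems and must not be treated as installed versions.
SPEC_LINE = /\A {4}nokogiri \((\d[^\s)-]*)(?:-([^)]+))?\)\s*\z/

# Returns one hash per resolved Nokogiri spec found in the lockfile text.
# Gem::Version compares segment by segment, so 1.13.10 sorts after 1.13.4
# (a plain string comparison would get this wrong).
def nokogiri_findings(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = SPEC_LINE.match(line.chomp)
    next unless m
    version = Gem::Version.new(m[1])
    { version: version.to_s,
      platform: m[2] || "ruby",
      vulnerable: version < FIXED_VERSION }
  end
end

# Constructed sample lockfile fragment (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.8.0)
      nokogiri (1.13.3)
        mini_portile2 (~> 2.8.0)
        racc (~> 1.4)
      nokogiri (1.13.3-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)
      rails-html-sanitizer (1.4.2)
        nokogiri (>= 1.6)
LOCK

if __FILE__ == $PROGRAM_NAME
  nokogiri_findings(SAMPLE_LOCK).each do |f|
    status = f[:vulnerable] ? "upgrade to #{FIXED_VERSION} or later" : "ok"
    puts "nokogiri #{f[:version]} (#{f[:platform]}): #{status}"
  end
end
```

Precompiled platform gems are listed as separate specs in the lockfile, so each one is reported on its own line.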

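  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH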

CWE-1333 - Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Advisory Timeline

  • Published