gollum-lib linked to vulnerable nokogiri version #278

Closed
@josacar

Description

Hi,

nokogiri dependencies are tightened to ~> 1.6.4, however 1.6.x includes vulnerable bundled libs:

Name: nokogiri
Version: 1.6.8.1
Advisory: CVE-2016-4658
Criticality: Unknown
URL: https://github.com/sparklemotion/nokogiri/issues/1615
Title: Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Solution: upgrade to >= 1.7.1

Vulnerabilities found!
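
The conflict reported above can be checked with RubyGems' own version classes: a `~> 1.6.4` constraint admits no release inside the advisory's `>= 1.7.1` range. This is an added example, not code from the issue or from gollum-lib; the candidate version list, the helper names and the relaxed constraint are assumptions made for illustration.

```ruby
require "rubygems"

# Versions a resolver could choose from (constructed sample, not the full release history).
CANDIDATES = %w[1.6.4 1.6.8 1.6.8.1 1.7.0 1.7.1 1.8.0].map { |v| Gem::Version.new(v) }

# Return the candidate versions that satisfy BOTH the dependency constraint
# declared by the library and the patched range named in the advisory.
def patched_versions_allowed(constraint, patched, candidates = CANDIDATES)
  dep = Gem::Requirement.new(Array(constraint))
  fix = Gem::Requirement.new(Array(patched))
  candidates.select { |v| dep.satisfied_by?(v) && fix.satisfied_by?(v) }
end

# True when the constraint leaves the resolver no patched version to pick,
# i.e. downstream users cannot upgrade without the library changing its gemspec.
def blocks_fix?(constraint, patched, candidates = CANDIDATES)
  patched_versions_allowed(constraint, patched, candidates).empty?
end

if __FILE__ == $0
  advisory_fix = ">= 1.7.1"                  # "Solution" line from the audit output
  pinned       = "~> 1.6.4"                  # constraint quoted in the issue
  relaxed      = [">= 1.6.4", "< 2"]         # hypothetical relaxed constraint

  [pinned, relaxed].each do |constraint|
    allowed = patched_versions_allowed(constraint, advisory_fix).map(&:to_s)
    status  = allowed.empty? ? "BLOCKS the fix" : "allows #{allowed.join(', ')}"
    puts "#{Array(constraint).join(', ')}: #{status}"
  end
end
```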
