| Package | ruby-nokogiri |
|---|---|
| Version | 1.6.3.1+ds-1+deb8u3 |
| Related CVEs | CVE-2022-24836 |
It was discovered that there was a potential denial of service attack in ruby-nokogiri, a HTML, XML, SAX etc. parser written in/for the Ruby programming language. This was caused by the use of inefficient regular expressions that were susceptible to excessive backtracking.
For Debian 8 Jessie, these problems have been fixed in version 1.6.3.1+ds-1+deb8u3.
We recommend that you upgrade your ruby-nokogiri packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.