CVE-2022-24839: fix: ensure ill-formed PIs are parsed correctly · sparklemotion/nekohtml@a800fce
org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by Nokogiri (Rubygem) raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.
fix: ensure ill-formed PIs are parsed correctly
1 parent 6fe9b53 commit a800fce3b079def130ed42a408ff1d09f89e773d
Showing with 1 addition and 1 deletion.
- +1 −1 src/org/cyberneko/html/HTMLScanner.java
@@ -2588,7 +2588,7 @@ protected void scanPI() throws IOException {
if (c == ‘?’ || c == ‘/’) {
char c0 = (char)c;
c = fCurrentEntity.read();
if (c == ‘>’) {
if (c == ‘>’ || c == -1) {
break;
}
fStringBuffer.append(c0);
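Review bot: The new `c == -1` check on the inner `fCurrentEntity.read()` in scanPI() ships without a regression test; the commit touches only HTMLScanner.java (1 addition, 1 deletion). Please add a test that parses a processing instruction cut off by end of input directly after the `?` or `/` and asserts that the scanner terminates with bounded memory use. A short comment on the condition saying that -1 is the end-of-input return value of read() would help the next reader, and it is worth confirming that the other read() calls in this loop, which fall outside the visible context, handle -1 the same way.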