Vulnerability CVE-2019-5477

Vulnerability Name:

CVE-2019-5477 (CCN-165241)

Assigned:

2019-08-11

Published:

2019-08-11

Updated:

2022-10-14

Summary:

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-78

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2019-5477

Source: XF
Type: UNKNOWN
nokogiri-cve20195477-command-exec(165241)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/sparklemotion/nokogiri/issues/1915

Source: MISC
Type: Release Notes
https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc

Source: MISC
Type: Permissions Required
https://hackerone.com/reports/650835

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20190926 [SECURITY] [DLA 1933-1] ruby-nokogiri security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20221012 [SECURITY] [DLA 3150-1] rexical security update

Source: CCN
Type: nokogiri Web site
Nokogiri

Source: CCN
Type: oss-sec Mailing List, Sun, 11 Aug 2019 15:51:14 -0400
Nokogiri security update v1.10.4

Source: GENTOO
Type: Third Party Advisory
GLSA-202006-05

Source: UBUNTU
Type: Third Party Advisory
USN-4175-1

Vulnerable Configuration:

Configuration 1:

cpe:/a:nokogiri:nokogiri:*:*:*:*:*:*:*:* (Version <= 1.10.3)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20195477	V	CVE-2019-5477	2023-06-22
oval:org.opensuse.security:def:7799	P	ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95334	P	Security update for ncurses (Moderate) (in QA)	2022-07-18
oval:org.opensuse.security:def:3193	P	libjavascriptcoregtk-4_0-18-2.24.4-2.47.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94823	P	ruby2.5-rubygem-nokogiri-1.8.5-150400.12.4 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:303	P	ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:357	P	ruby2.5-rubygem-nokogiri-1.8.5-150400.12.4 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:1232	P	Security update for the Linux Kernel (Important)	2022-01-19
oval:org.opensuse.security:def:113394	P	ruby2.7-rubygem-nokogiri-1.12.3-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106800	P	Security update for net-snmp (Important)	2022-01-11
oval:org.opensuse.security:def:58112	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:58043	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:60410	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:72062	P	ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101079	P	ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62321	P	ruby2.5-rubygem-nokogiri-1.8.5-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:57484	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:60314	P	Security update for qemu (Important)	2021-07-22
oval:org.opensuse.security:def:57969	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:5786	P	Security update for freeradius-server (Moderate)	2021-06-11
oval:org.opensuse.security:def:102047	P	Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)	2021-06-01
oval:org.opensuse.security:def:59714	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:60492	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:59599	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:58081	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:60451	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:59844	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:111202	P	Security update for rubygem-nokogiri (Important)	2021-02-05
oval:org.opensuse.security:def:100643	P	(Important)	2021-02-01
oval:org.opensuse.security:def:91880	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:109532	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:66492	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:8257	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:75560	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:118628	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:97161	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:102866	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:66875	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:8324	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:104854	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:98164	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:96176	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:75943	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:5403	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:100314	P	(Important)	2021-02-01
oval:org.opensuse.security:def:91199	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:8366	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:108713	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:98830	P	Security update for rubygem-nokogiri (Important)	2021-02-01
oval:org.opensuse.security:def:57039	P	Security update for postgresql, postgresql12, postgresql13 (Important)	2021-01-26
oval:org.opensuse.security:def:84625	P	Security update for rubygem-nokogiri (Important)	2021-01-25
oval:org.opensuse.security:def:81085	P	Security update for rubygem-nokogiri (Important)	2021-01-25
oval:org.opensuse.security:def:88460	P	Security update for rubygem-nokogiri (Important)	2021-01-25
oval:org.opensuse.security:def:60151	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:59166	P	Security update for texlive (Important)	2020-12-01
oval:org.opensuse.security:def:56639	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:60750	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:59661	P	Security update for xerces-c (Moderate)	2020-12-01
oval:org.opensuse.security:def:60908	P	Security update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone (Moderate)	2020-12-01
oval:org.opensuse.security:def:59010	P	Security update for krb5 (Important)	2020-12-01
oval:org.opensuse.security:def:58162	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:56638	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:60666	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:60198	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:57318	P	Security update for dhcpcd (Important)	2020-12-01
oval:org.opensuse.security:def:59408	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:60829	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:58988	P	Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:60569	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59899	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:57212	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:59250	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:60619	P	Security update for ardana-ansible, ardana-db, ardana-freezer, ardana-glance, ardana-input-model, ardana-nova, ardana-osconfig, ardana-tempest, caasp-openstack-heat-templates, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-monasca-ui, openstack-horizon-plugin-neutron-fwaas-ui, openstack-ironic, openstack-keystone, openstack-manila, openstack-monasca-agent, openstack-monasca-api, openstack-monasca-persister, openstack-monasca-persister-java, openstack-murano, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, python-Beaver, python-oslo.db, python-osprofiler, python-swiftlm, venv-openstack-magnum, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-neutron (Moderate)	2020-12-01
oval:org.opensuse.security:def:58987	P	Security update for the Linux Kernel (Live Patch 11 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:58186	P	Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer (Moderate)	2020-12-01
oval:org.opensuse.security:def:59228	P	Security update for krb5-appl (Important)	2020-12-01
oval:org.opensuse.security:def:60530	P	res-signingkeys on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56801	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:60879	P	Security update for rubygem-loofah (Moderate)	2020-12-01
oval:org.opensuse.security:def:59227	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:57877	P	logwatch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59962	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:59418	P	Security update for dovecot22 (Important)	2020-12-01
oval:org.opensuse.security:def:60647	P	Security update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone (Moderate)	2020-12-01
oval:org.opensuse.security:def:56661	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:60788	P	Security update for gcc10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:57769	P	libXi6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:83913	P	Security update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone (Moderate)	2019-10-30
oval:org.opensuse.security:def:84361	P	Security update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone (Moderate)	2019-10-30
oval:org.opensuse.security:def:80821	P	Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer (Moderate)	2019-10-15
oval:com.ubuntu.disco:def:201954770000000	V	CVE-2019-5477 on Ubuntu 19.04 (disco) - medium.	2019-08-16
oval:com.ubuntu.bionic:def:201954770000000	V	CVE-2019-5477 on Ubuntu 18.04 LTS (bionic) - medium.	2019-08-16
oval:com.ubuntu.xenial:def:201954770000000	V	CVE-2019-5477 on Ubuntu 16.04 LTS (xenial) - medium.	2019-08-16

BACK