Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs

Summary

Nokogiri v1.18.4 upgrades its dependency libxslt to v1.1.43.

libxslt v1.1.43 resolves:

CVE-2025-24855: Fix use-after-free of XPath context node
CVE-2024-55549: Fix UAF related to excluded namespaces

Impact

CVE-2025-24855

"Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node"
MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855

CVE-2024-55549

"Use-after-free related to excluded result prefixes"
MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549

Published: Mar 14, 2025
Updated: Apr 30, 2025
GHSA: GHSA-mrxw-mxhj-p664
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWEs:

Affected Software
References

Software	From	Fixed in
nokogiri	-	1.18.4