chromedriver-helper-2.1.1.gem: 12 vulnerabilities (highest severity is: 8.8) #41

@mend-for-github-com

Vulnerable Library - chromedriver-helper-2.1.1.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Vulnerabilities

| Vulnerability | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (chromedriver-helper version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| WS-2022-0089 | High | 8.8 | Not Defined | | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2021-3518 | High | 8.8 | Not Defined | 0.3% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2021-30560 | High | 8.8 | Not Defined | 0.1% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2021-3517 | High | 8.6 | Not Defined | 0.1% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2025-6490 | High | 8.4 | Proof of concept | 0.0% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2022-29181 | High | 8.2 | Not Defined | 4.3% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2024-34459 | High | 7.5 | Not Defined | 0.8% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2022-24836 | High | 7.5 | Not Defined | 1.4000001% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2021-41098 | High | 7.5 | Not Defined | 0.6% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2018-25032 | High | 7.5 | Not Defined | 0.1% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2021-3537 | Medium | 5.9 | Not Defined | 0.1% | nokogiri-1.10.8.gem | Transitive | N/A* | | |
| CVE-2020-26247 | Low | 2.6 | Not Defined | 0.70000005% | nokogiri-1.10.8.gem | Transitive | N/A* | | |

*For some transitive vulnerabilities, there is no version of the direct dependency with a fix. Check the "Details" section below to see if there is a version of the transitive dependency where the vulnerability is fixed.

**In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.

Details

WS-2022-0089

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

Nokogiri before version 1.13.2 is vulnerable.

Publish Date: 2024-12-05

URL: WS-2022-0089

Threat Assessment

Exploit Maturity: Not Defined

EPSS:

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-fq42-c5rg-92c2

Release Date: 2024-12-05

Fix Resolution: nokogiri - v1.13.2,logstash-binary - no_fix,nokogiri - 1.13.2,rb-nokogiri - no_fix,files.com/files-php-sdk - v1.0.7

CVE-2021-3518

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Publish Date: 2021-05-18

URL: CVE-2021-3518

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2021-3518

Release Date: 2021-05-18

Fix Resolution: libxml2 - 2.9.12

CVE-2021-30560

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Publish Date: 2021-08-03

URL: CVE-2021-30560

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2021-30560

Release Date: 2021-08-03

Fix Resolution: v1.1.35,libxslt - 1.1.35

CVE-2021-3517

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Publish Date: 2021-05-19

URL: CVE-2021-3517

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2021-3517

Release Date: 2021-05-19

Fix Resolution: libxml2 - 2.9.12

CVE-2025-6490

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

Publish Date: 2025-06-22

URL: CVE-2025-6490

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 0.0%

CVSS 3 Score Details (8.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2022-29181

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a "String" by calling "#to_s" or equivalent.

Publish Date: 2022-05-20

URL: CVE-2022-29181

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 4.3%

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181

Release Date: 2022-05-20

Fix Resolution: nokogiri - 1.13.6

CVE-2024-34459

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. This vulnerability does not affect RubyGem's Nokogiri directly, but its dependency libxml2, which is downloaded during Nokogiri's dependency resolution.

Publish Date: 2024-05-13

URL: CVE-2024-34459

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.8%

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

CVE-2022-24836

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.

Publish Date: 2022-04-11

URL: CVE-2022-24836

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.4000001%

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-crjr-9rc5-ghw8

Release Date: 2022-04-11

Fix Resolution: nokogiri - 1.13.4

CVE-2021-41098

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parser, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.

Publish Date: 2021-09-27

URL: CVE-2021-41098

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.6%

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41098

Release Date: 2021-09-27

Fix Resolution: nokogiri - 1.12.5

CVE-2018-25032

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Publish Date: 2022-03-25

URL: CVE-2018-25032

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2018-25032

Release Date: 2022-03-25

Fix Resolution: zlib - 1.2.12

CVE-2021-3537

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Publish Date: 2021-05-14

URL: CVE-2021-3537

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2021-3537

Release Date: 2021-05-14

Fix Resolution: libxml2 - 2.9.12

CVE-2020-26247

Vulnerable Library - nokogiri-1.10.8.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Library home page: https://rubygems.org/gems/nokogiri-1.10.8.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/nokogiri-1.10.8.gem

Dependency Hierarchy:

  • chromedriver-helper-2.1.1.gem (Root Library)
    • nokogiri-1.10.8.gem (Vulnerable Library)

Found in HEAD commit: 84d8c4c8d5cfac4705d302f9b44c063177f8ae86

Found in base branch: main

Vulnerability Details

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.

Publish Date: 2020-12-30

URL: CVE-2020-26247

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.70000005%

CVSS 3 Score Details (2.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2020-12-30

Fix Resolution: 1.11.0.rc4
