CVE-2021-30560
Use after free vulnerability in nokogiri (RubyGems)
What is CVE-2021-30560 About?
This vulnerability is a use-after-free error in Blink XSLT within Google Chrome prior to version 91.0.4472.164. It allows a remote attacker to potentially exploit heap corruption by coercing a user to visit a specially crafted HTML page. Exploitation generally requires user interaction and is often part of a wider attack chain.
Affected Software
Technical Details
The vulnerability is a 'use after free' condition occurring in the Blink XSLT engine, a component within Google Chrome. A use-after-free error happens when a program attempts to use memory after it has been freed, potentially leading to unpredictable behavior, including data corruption, crashes, or execution of arbitrary code. In this specific case, a remote attacker can craft a malicious HTML page that, when rendered by a vulnerable version of Chrome, triggers this memory management flaw within the XSLT processing. If successful, the attacker could exploit the resulting heap corruption to gain control over memory, potentially leading to arbitrary code execution within the browser's sandbox. The primary attack vector involves enticing a user to open such a specially crafted web page.
What is the Impact of CVE-2021-30560?
Successful exploitation may allow attackers to achieve arbitrary code execution, compromise user data, or bypass security restrictions.
What is the Exploitability of CVE-2021-30560?
Exploitation of this use-after-free vulnerability typically involves a medium level of complexity. Prerequisites include a user visiting a specially crafted HTML page, often delivered via phishing or malicious websites. It requires no specific authentication or privilege on the part of the attacker, as it targets a client-side browser vulnerability. This is a remote vulnerability, relying on user interaction to load the malicious content. Special conditions might involve specific browser configurations or JavaScript execution. Risk factors are increased when users browse untrusted websites or open malicious links or attachments, as this could lead to drive-by downloads or exploit kit delivery.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2021-30560?
Available Upgrade Options
- nokogiri
- <1.13.2 → Upgrade to 1.13.2
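An added example (not from the advisory or the nokogiri project): a Ruby check that reads a `Gemfile.lock` and reports every resolved nokogiri spec below the 1.13.2 fix listed above, including platform-specific gems, while ignoring lines where another gem merely depends on nokogiri. The sample lockfile is constructed and the function names are this example's own.

```ruby
require "rubygems" # provides Gem::Version for correct version ordering

# First fixed nokogiri release according to the upgrade table on this page.
FIXED = Gem::Version.new("1.13.2")

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.12.0)
        nokogiri (>= 1.5.9)
      mini_portile2 (2.6.1)
      nokogiri (1.12.5)
        mini_portile2 (~> 2.6.1)
        racc (~> 1.4)
      nokogiri (1.12.5-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)

  PLATFORMS
    ruby
    x86_64-linux

  DEPENDENCIES
    loofah
    nokogiri
LOCK

# Resolved specs sit at exactly four spaces of indent; six-space lines are
# dependency constraints of other gems and say nothing about what is installed.
# Returns [[version, platform, below_fix?], ...].
def nokogiri_specs(lockfile_text)
  lockfile_text.scan(/^ {4}nokogiri \(([^)\s]+)\)\r?$/).map do |(raw)|
    version, platform = raw.split("-", 2) # "1.12.5-x86_64-linux" -> version, platform
    [version, platform || "ruby", Gem::Version.new(version) < FIXED]
  end
end

def vulnerable_nokogiri?(lockfile_text)
  nokogiri_specs(lockfile_text).any? { |_version, _platform, below| below }
end

if __FILE__ == $PROGRAM_NAME
  text = File.file?(ARGV[0].to_s) ? File.read(ARGV[0]) : SAMPLE_LOCK
  nokogiri_specs(text).each do |version, platform, below|
    status = below ? "below #{FIXED}, upgrade" : "ok"
    puts "nokogiri #{version} (#{platform}): #{status}"
  end
end
```

Pass the path to a project's `Gemfile.lock` as the first argument; with no argument the constructed sample is checked.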
Additional Resources
- https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
- https://osv.dev/vulnerability/GHSA-59gp-qqm7-cw4j
- https://github.com/sparklemotion/nokogiri
- https://crbug.com/1219209
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
- https://security.gentoo.org/glsa/202310-23
- https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2
What are Similar Vulnerabilities to CVE-2021-30560?
Similar Vulnerabilities: CVE-2021-30561, CVE-2021-30562, CVE-2020-16010, CVE-2019-5867, CVE-2018-6147
