nokogiri (鋸) is an HTML, XML, SAX, and Reader parser, with the ability to search documents via XPath or CSS3 selectors.
Affected versions of the package are vulnerable to Out of Bounds Memory Write. Nokogiri bundles the libxslt library, which is vulnerable in versions below 3. The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
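The bug class described above, shown as an added illustration in C rather than libxslt's own code: a growable text buffer whose size calculation (`len + add + 1`) can wrap around `size_t`, and the overflow check that prevents the undersized allocation and the resulting write past the end of the buffer. The `text_buf` type and the `size_would_overflow` / `text_buf_append` functions are names assumed here and are not from xsltAddTextString.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable text buffer (not libxslt's own structure). */
typedef struct {
    char  *buf;
    size_t len;   /* bytes currently used, excluding the NUL terminator */
    size_t cap;   /* bytes allocated */
} text_buf;

/* Returns 1 if the new size len + add + 1 (including the NUL) would wrap
 * around size_t. Without this check a wrapped value makes the buffer
 * look large enough, so the allocation is too small and the copy below
 * writes out of bounds. */
int size_would_overflow(size_t len, size_t add) {
    return add > SIZE_MAX - 1 || len > SIZE_MAX - 1 - add;
}

/* Append 'add' bytes of 's' to 't', growing the buffer when needed.
 * Returns 0 on success, -1 on overflow or allocation failure; on failure
 * the buffer is left untouched. */
int text_buf_append(text_buf *t, const char *s, size_t add) {
    if (size_would_overflow(t->len, add))
        return -1;                       /* refuse instead of wrapping */
    size_t need = t->len + add + 1;
    if (need > t->cap) {
        /* Grow geometrically, clamped so the doubling cannot wrap either. */
        size_t newcap = t->cap > SIZE_MAX / 2 ? SIZE_MAX : t->cap * 2;
        if (newcap < need)
            newcap = need;
        char *nb = realloc(t->buf, newcap);
        if (nb == NULL)
            return -1;
        t->buf = nb;
        t->cap = newcap;
    }
    memcpy(t->buf + t->len, s, add);     /* in bounds: cap >= len+add+1 */
    t->len += add;
    t->buf[t->len] = '\0';
    return 0;
}

void text_buf_free(text_buf *t) {
    free(t->buf);
    t->buf = NULL;
    t->len = t->cap = 0;
}
```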
Upgrade nokogiri to version 1.7.2 or higher.