[GHSA-r58r-74gx-6wx3] Nokogiri gem, via libxml, is affected by DoS vulnerabilities

[flavorjones]

Updates

• Affected products

Comments
The version numbers in the original report are incorrect. They are the version of the underlying libxml2 library, and not the version of the Nokogiri gem. I am the maintainer of Nokogiri. The correct version that a patched version of libxml2 appears in is Nokogiri 1.8.2.

See:

• Investigate Ubuntu libxml2 patches in USN-3504-1, USN-3504-2, USN-3513-1, USN-3513-2 sparklemotion/nokogiri#1714
• https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#182--2018-01-29
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml

[chadlwilson]

This is probably the authoritative one, but same as #2659 #2658 #2657 and #2655

[advisory-database]

Hi @flavorjones! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!