Nokogiri has backported the patch for CVE-2020-7595 into its vendored version of libxml2, and released this as v1.10.8
CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and so Nokogiri versions <= v1.10.7 are vulnerable.
github.com/sparklemotion/nokogiri/issues/1992