XML External Entity (XXE) Via Libxml2
nokogiri is using libxml2 library which is vulnerable to the CVE-2016-9318. The vulnerability is only possible when applications using nokogiri 1.5.4 and later do not opt into the DTDLOAD option and opt out of the NONET option. The default setting in nokogiri does not use both DTD loading and...