GHSA-5MWF-688X-MR7X Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vvfq-8hwr-qm4m. This link is maintained to preserve external references. Original Description Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6. libxml2 v2.13.6 addresses: - CVE-2025-24928 -...

Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to v2.13.6. libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 Impact CVE-2025-24928 Stack-buffe...

Denial of Service (DoS)

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Denial of Service DoS. Vulnerable version of libxml2 was used. The fix to this updates the vendored libxml2 from v2.9.10 to v2.9.12 which addresses: - CVE-2019-20388 -...

libxml2: Denial of service

Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Brad Fitzpatrick reported that the xmlCurrentChar function does not properly handle some UTF-8 multibyte encodings. Impact A remote attacker could entice a user to op...