Impact
The vulnerability is a use‑after‑free in Nokogiri’s native C extension. When a Ruby program replaces the value of an XML attribute, the underlying native child node can be freed while a Ruby wrapper remains in the document cache. Subsequent access or a garbage‑collection mark can dereference the invalid memory, resulting in an invalid read or a segmentation fault that can crash the process. This creates a denial of service condition for the affected Ruby application.
Affected Systems
Sparklemotion’s Nokogiri library for Ruby is affected. Any installation that uses a Nokogiri version older than 1.19.4 is vulnerable. The precise affected version range is not explicitly listed in the source, but the description indicates that all releases prior to 1.19.4, from the earliest 1.x series through 1.19.3, are potentially impacted.
Risk and Exploitability
The CVSS score of 1.7 indicates a low severity due to limited impact and a local exploitation surface. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector, inferred from the description, is a local attacker or compromised application that can run arbitrary Ruby code with Nokogiri. Exploitation requires the ability to set an attribute’s value after the attribute has already been accessed, so the vulnerability is constrained to applications with that specific coding pattern.
OpenCVE Enrichment