Nokogiri bundles its own copy of the libxml2 library. The copy that Nokogiri includes is vulnerable to CVE-2017-8872, which allows attackers to cause a denial of service (DoS) or information disclosure via a buffer overflow. The flaw is in the htmlParseTryOrFinish function in the HTMLparser.c file.