The nokogiri gem uses libxml2, which is vulnerable to CVE-2016-3627, a denial of service (DoS) vulnerability. The xmlStringGetNodeList and xmlParserEntityCheck functions fail to detect a recursive loop when libxml2 is used in recovery mode, causing stack consumption and application crashes.