Nokogiri and chef are vulnerable to attacks through a copied version of LibXML2 within the codebase. LibXML2 before 2.9.5 is vulnerable to the following CVEs: 1) CVE-2017-16931 - LibXML2 incorrectly handles parameter-entity references in parser.c
. 2) CVE-2017-16932 - LibXML2 can enter an infinite loop through parameter entities in parser.c
.