{"vulnerability": "ghsa-wfpw-mmfh-qq69", "sightings": [{"uuid": "fbb2fda4-af51-4f40-9c70-bea2f3919bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-WFPW-MMFH-QQ69", "type": "seen", "source": "https://gist.github.com/alon710/21b59dad18a8c158a7eeee605d73d87e", "content": "# GHSA-WFPW-MMFH-QQ69: GHSA-WFPW-MMFH-QQ69: Use-After-Free Vulnerability in Nokogiri XML Node-Level XInclude Processing\n\n&gt; **CVSS Score:** 4.8\n&gt; **Published:** 2026-06-19\n&gt; **Full Report:** https://cvereports.com/reports/GHSA-WFPW-MMFH-QQ69\n\n## Summary\nNokogiri is a popular Ruby gem used for parsing XML and HTML documents. A Use-After-Free (UAF) vulnerability exists in its CRuby implementation during XInclude processing. When an application traverses an XML document and exposes nodes to Ruby before calling `do_xinclude`, the underlying C library `libxml2` can free these structures in-place. This leaves active Ruby objects holding pointers to freed memory, leading to potential segmentation faults, memory corruption, or information disclosure.\n\n## TL;DR\nA Use-After-Free vulnerability in Nokogiri's CRuby C-extension engine allows memory corruption or application crashes when XInclude is run on previously traversed DOM structures. The issue is resolved in version 1.19.4 by performing XInclude substitutions on a defensive copy.\n\n## Technical Details\n\n- **CWE ID**: CWE-416\n- **Attack Vector**: Network (with local programmatic triggers)\n- **CVSS Score**: 4.8 (Medium/Low)\n- **Impact**: Memory Corruption / Denial of Service\n- **Exploit Status**: None (No public exploit)\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Nokogiri (CRuby implementation)\n- **nokogiri**: &lt; 1.19.4 (Fixed in: `1.19.4`)\n\n## Mitigation\n\n- Upgrade Nokogiri to version 1.19.4 or later.\n- Process XInclude during parse time instead of invoking do_xinclude on an already traversed DOM tree.\n- Switch to JRuby if feasible, as JRuby is unaffected.\n\n**Remediation Steps:**\n1. Identify all Gemfile entries referencing nokogiri and update to &gt;= 1.19.4.\n2. Execute `bundle update nokogiri` to apply the patch.\n3. Review codebases for occurrences of `do_xinclude` and replace with parse-time configurations where possible.\n\n## References\n\n- [Official GitHub Security Advisory](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wfpw-mmfh-qq69)\n- [Official Repository](https://github.com/sparklemotion/nokogiri)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-WFPW-MMFH-QQ69) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T17:42:09.000000Z"}]}