Nokogiri before 1.5.4 is vulnerable to XXE attacks
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nokogiri | Nokogiri | * | 1.5.4 (excluding) |