CVE-2021-3541
gem/nokogiri
Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
A flaw was found in libxml2. By exploiting an exponential entity expansion attack its possible bypassing all existing protection mechanisms and lead to a denial of service.
All versions before 1.11.4
Upgrade to version 1.11.4 or above.
2021-07-21
source |