CVE-2019-5815: Access of Resource Using Incompatible Type (Type Confusion)
(updated )
Type confusion in xsltNumberFormatGetMultipleLevel
in libxslt, which is included in nokogiri, could allow attackers to potentially exploit heap corruption via crafted XML data.
References
Detect and mitigate CVE-2019-5815 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →