Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N retained because Nokogiri processes external input; AC:H reflects the unusual application-code pattern required; only low availability impact, no C or I consequence.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attr#value= could free the underlying native child node while the wrapper remained reachable through the document node cache. A later use of the freed child node or a Ruby GC mark could dereference an invalid pointer, causing an invalid read and a possible segfault. This vulnerability is fixed in 1.19.4.
AnalysisAI
Use-after-free in Nokogiri's CRuby native extension (versions prior to 1.19.4) can corrupt process memory or cause a segfault when an application accesses an XML attribute's child node and subsequently replaces that attribute's value via Attr#value= or #content=. The underlying libxml2 wrapper frees the native child node while a Ruby object in the document node cache retains a stale pointer, which a later GC mark pass or direct access can dereference. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Three specific conditions must all be true simultaneously: (1) the deployment uses the CRuby native extension - JRuby is not affected; (2) application code accesses an XML attribute's child node via `Attr#child` or a similar accessor, creating a Ruby wrapper retained in the document node cache; and (3) the same application code subsequently calls `Attr#value=` or `#content=` on that same attribute, triggering the native free. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U) yields a score of 1.7, accurately capturing that impact is limited to a potential availability disruption with zero confidentiality or integrity consequence. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An application processing externally supplied XML that first reads an attribute's child node (e.g., `attr.child` to inspect text structure) and then replaces the attribute's value in the same code path triggers the freed-pointer condition. If the Ruby GC runs before the next use of the stale wrapper, the process segfaults, causing a denial-of-service crash. … |
| Remediation | Upgrade to Nokogiri 1.19.4 or later - vendor-released patch confirmed at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-phwj-rprq-35pp. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 8.2), this vulnerability is remotely
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Rub
Nokogiri is an open source XML and HTML library for the Ruby programming language. Rated high severity (CVSS 7.5), this
Nokogiri is an open source XML and HTML library for Ruby. Rated high severity (CVSS 7.5), this vulnerability is remotely
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. Rated high sever
Out-of-bounds read in Nokogiri's `NodeSet#[]` method (all versions before 1.19.4) enables an attacker who can supply a l
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. Rated medium sev
NONET network restriction bypass in Nokogiri's JRuby implementation permits external resource fetching during XML Schema
Use-after-free in Nokogiri's CRuby XInclude processing (versions prior to 1.19.4) can leave Ruby wrapper objects pointin
Use-after-free in Nokogiri's CRuby implementation (versions prior to 1.19.4) allows an application crash via segfault wh
Heap use-after-free in Nokogiri's CRuby implementation (prior to 1.19.4) can corrupt process memory when application cod
Null pointer dereference in Nokogiri prior to 1.19.4 crashes the Ruby process when application code incorrectly calls `.
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39426