Nokogiri · CVE-2022-23476
**Name of the Vulnerable Software and Affected Versions**
Nokogiri versions 1.13.8 through 1.13.9
**Description**
Nokogiri is an open source XML and HTML library for the Ruby programming language. In the affected versions, the method `Nokogiri::XML::Reader#attribute_hash` fails to check the return value of libxml2's `xmlTextReaderExpand`, which returns NULL when the current node cannot be expanded, for example because the markup being parsed is invalid. The NULL pointer is then dereferenced in native code, so the Ruby process crashes rather than raising a catchable Ruby exception. For applications that use `XML::Reader` to parse untrusted input, this may therefore be a vector for a denial of service attack.
**Recommendations**
Upgrade to Nokogiri >= 1.13.10.
Searching your code is not itself a mitigation, but it tells you whether you are exposed: look for calls to either `XML::Reader#attributes` or `XML::Reader#attribute_hash`. `#attributes` is implemented on top of `#attribute_hash`, so both reach the unchecked call.
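The following triage script is an added example, not code from Nokogiri or from the advisory. It uses only the Ruby standard library (`Gem::Version`), so it runs without Nokogiri installed: `affected_version?` checks an installed version string against the range the advisory names, and `find_reader_attribute_calls` scans Ruby source text for the two call sites. The sample source it scans is constructed for the example; the variable names in it (`reader`, `untrusted_body`) are illustrative.

```ruby
# Added triage helper for CVE-2022-23476 (example code, not part of Nokogiri).
require "rubygems" # Gem::Version; loaded by default in normal Ruby, required for clarity

# Affected range from the advisory: 1.13.8 and 1.13.9, fixed in 1.13.10.
FIRST_AFFECTED = Gem::Version.new("1.13.8")
FIXED_VERSION  = Gem::Version.new("1.13.10")

# True when the given nokogiri version string falls inside the affected range.
# Prerelease builds of 1.13.10 sort below 1.13.10 and are reported as affected;
# that is deliberately conservative.
def affected_version?(version_string)
  v = Gem::Version.new(version_string)
  v >= FIRST_AFFECTED && v < FIXED_VERSION
end

# The two call sites the advisory names. In Nokogiri 1.13, Reader#attributes
# is implemented on top of Reader#attribute_hash, so both reach the unchecked
# xmlTextReaderExpand call.
CALL_SITE = /\.(attributes|attribute_hash)\b/

# Returns [[line_number, method_name], ...] for every non-comment line that
# calls one of the two methods. A textual scan cannot tell a Reader node from
# any other object with an #attributes method, so treat hits as candidates
# to review, not as confirmed vulnerabilities.
def find_reader_attribute_calls(source)
  source.each_line.with_index(1).filter_map do |line, number|
    next if line.lstrip.start_with?("#")
    m = line.match(CALL_SITE)
    [number, m[1]] if m
  end
end

# Constructed sample source, shaped like typical XML::Reader usage.
SAMPLE_SOURCE = <<~RUBY
  reader = Nokogiri::XML::Reader(untrusted_body)
  reader.each do |node|
    next unless node.node_type == Nokogiri::XML::Reader::TYPE_ELEMENT
    attrs = node.attributes            # calls #attribute_hash internally
    # node.attribute_hash is the direct entry point
    raw = node.attribute_hash
  end
RUBY

# Combines both checks into one verdict for a given installed version and source text.
def triage(version_string, source)
  hits = find_reader_attribute_calls(source)
  {
    version_affected: affected_version?(version_string),
    call_sites: hits,
    exposed: affected_version?(version_string) && !hits.empty?,
  }
end

if __FILE__ == $PROGRAM_NAME
  version = ARGV[0] || "1.13.9"
  result = triage(version, SAMPLE_SOURCE)
  puts "nokogiri #{version}: #{result[:version_affected] ? 'affected' : 'not affected'} by CVE-2022-23476"
  result[:call_sites].each { |n, name| puts "  line #{n}: calls ##{name}" }
  puts(result[:exposed] ? "exposed: upgrade to >= 1.13.10" : "not exposed")
end
```

Run it with the version from `bundle exec gem list nokogiri` as the first argument, or point `find_reader_attribute_calls` at `File.read` of each Ruby file in the project. Because the scan is purely textual, confirm each hit really operates on a `Nokogiri::XML::Reader` node before treating it as exposure.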