Use After Free in Sparklemotion Nokogiri
CVE-2026-57236
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only…
Vulnerability class: Use-After-Free
Affected products
- Sparklemotion Nokogiri — versions < 1.19.4
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)