Use After Free in Sparklemotion Nokogiri
CVE-2026-57437
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the…
Vulnerability class: Use-After-Free
Affected products
- Sparklemotion Nokogiri — versions < 1.19.4
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)