GHSA-wjv4-x9w8-wm3h: Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault.
Nokogiri 1.19.4 restricts Document#root= to element nodes, raising TypeError for any other node type.
This memory-safety issue affects only the CRuby implementation (libxml2). The JRuby implementation was not affected; the same input validation was added there for behavioral parity.
References
Code Behaviors & Features
Detect and mitigate GHSA-wjv4-x9w8-wm3h with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →