GHSA SYNC: 1 brand new advisory

Author: jasnow

gems/nokogiri/GHSA-wx95-c6cv-8532.yml

@@ -0,0 +1,46 @@
+---
+gem: nokogiri
+ghsa: wx95-c6cv-8532
+url: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
+title: Nokogiri does not check the return value from xmlC14NExecute
+date: 2026-02-18
+description: |
+  ## Summary
+
+  Nokogiri's CRuby extension fails to check the return value from
+  `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize`
+  and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails,
+  an empty string is returned instead of raising an exception. This
+  incorrect return value may allow downstream libraries to accept
+  invalid or incomplete canonicalized XML, which has been demonstrated
+  to enable signature validation bypass in SAML libraries.
+
+  JRuby is not affected, as the Java implementation correctly
+  raises `RuntimeError` on canonicalization failure.
+
+  ## Mitigation
+
+  Upgrade to Nokogiri `>= 1.19.1`.
+
+  ## Severity
+
+  The maintainers have assessed this as **Medium** severity. Nokogiri
+  itself is a parsing library without a clear security boundary
+  related to canonicalization, so the direct impact is that a method
+  returns incorrect data on invalid input. However, this behavior
+  was exploited in practice to bypass SAML signature validation
+  in downstream libraries (see References).
+
+  ## Credit
+
+  This vulnerability was responsibly reported by HackerOne
+  researcher `d4d`.
+cvss_v3: 5.3
+unaffected_versions:
+  - "< 1.5.1"
+patched_versions:
+  - ">= 1.19.1"
+related:
+  url:
+    - https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
+    - https://github.com/advisories/GHSA-wx95-c6cv-8532