Updated advisory posts against rubysec/ruby-advisory-db@7b73c6b

Author: jasnow

advisories/_posts/2026-02-18-GHSA-wx95-c6cv-8532.md

@@ -0,0 +1,54 @@
+---
+layout: advisory
+title: 'GHSA-wx95-c6cv-8532 (nokogiri): Nokogiri does not check the return value from
+  xmlC14NExecute'
+comments: false
+categories:
+- nokogiri
+advisory:
+  gem: nokogiri
+  ghsa: wx95-c6cv-8532
+  url: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
+  title: Nokogiri does not check the return value from xmlC14NExecute
+  date: 2026-02-18
+  description: |
+    ## Summary
+
+    Nokogiri's CRuby extension fails to check the return value from
+    `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize`
+    and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails,
+    an empty string is returned instead of raising an exception. This
+    incorrect return value may allow downstream libraries to accept
+    invalid or incomplete canonicalized XML, which has been demonstrated
+    to enable signature validation bypass in SAML libraries.
+
+    JRuby is not affected, as the Java implementation correctly
+    raises `RuntimeError` on canonicalization failure.
+
+    ## Mitigation
+
+    Upgrade to Nokogiri `>= 1.19.1`.
+
+    ## Severity
+
+    The maintainers have assessed this as **Medium** severity. Nokogiri
+    itself is a parsing library without a clear security boundary
+    related to canonicalization, so the direct impact is that a method
+    returns incorrect data on invalid input. However, this behavior
+    was exploited in practice to bypass SAML signature validation
+    in downstream libraries (see References).
+
+    ## Credit
+
+    This vulnerability was responsibly reported by HackerOne
+    researcher `d4d`.
+  cvss_v3: 5.3
+  unaffected_versions:
+  - "< 1.5.1"
+  patched_versions:
+  - ">= 1.19.1"
+  related:
+    url:
+    - https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
+    - https://github.com/advisories/GHSA-wx95-c6cv-8532
+---