A command injection vulnerability was found in Rexical, a lexical scanner generator for the Ruby programming language. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user
Multiple vulnerabilities were discovered in Nokogiri, an HTML/XML/SAX/Reader parser for the Ruby programming language, leading to command injection, XML external entity injection (XXE), and denial-of-service (DoS).
It was discovered that there was a potential arbitrary file read vulnerability in twig, a PHP templating library. It was caused by insufficient validation of template names in 'source' and 'include' statements.