< v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents.
Upgrade to Nokogiri
The Nokogiri maintainers have evaluated this as High Severity 7.5 (CVSS3.1).
CWE-1333 Inefficient Regular Expression Complexity
This vulnerability was reported by HackerOne user ooooooo_q (ななおく).