Nokogiri v1.13.4 updates the vendored xerces:xercesImpl
from 2.12.0 to 2.12.2, which addresses CVE-2022-23437. That CVE is scored as CVSS 6.5 "Medium" on the NVD record.
Please note that this advisory only applies to the JRuby implementation of Nokogiri < 1.13.4
.
Upgrade to Nokogiri >= v1.13.4
.