The Nokogiri library, widely used for parsing and extracting data from XML documents, has a high-severity vulnerability in versions prior to 1.5.4 that allows attackers to carry out an XML External Entity (XXE) attack by injecting malicious entities into XML strings. This can lead to denial of service, port scanning, and disclosure of confidential information. The safest way to prevent this attack is to configure the XML parser to not include external DTDs at all. Nokogiri versions greater than 1.5.4 have implemented safeguards to limit exposure, including the DTDLOAD option and the NONET option, which by default are set to false, preventing the vulnerability from being exploited. Users should update to version 1.5.4 or later, double-check their parser settings, and monitor for updates to ensure protection against this vulnerability.
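The two checks recommended above (locked version and parser settings) can be scripted. The following is an added example, not code from the Nokogiri project: the function names, the sample lockfile and the sample source are constructed, and the settings scan is a heuristic that assumes Nokogiri's `ParseOptions` names (`DTDLOAD`, `dtdload`, `nononet`).

```ruby
require "rubygems" # Gem::Version; loaded by default in normal Ruby runs

# Added example: audit a Gemfile.lock and Ruby source text for the two
# conditions the text above names. Names here are hypothetical.
FIXED_IN = Gem::Version.new("1.5.4") # threshold taken from the text above

# Return the locked nokogiri version as a Gem::Version, or nil if absent.
def locked_nokogiri_version(lockfile_text)
  # Resolved specs sit at exactly four spaces: "    nokogiri (1.5.2)".
  # A platform suffix such as "-x86_64-linux" is cut at the first "-".
  m = lockfile_text.match(/^ {4}nokogiri \(([^)\-\s]+)/)
  m && Gem::Version.new(m[1])
end

def vulnerable_lock?(lockfile_text)
  v = locked_nokogiri_version(lockfile_text)
  !v.nil? && v < FIXED_IN
end

# Heuristic: [line_number, line] pairs where application code sets DTDLOAD
# or clears NONET for a parse call. Comment-only lines are skipped.
RISKY = /\bDTDLOAD\b|\.dtdload\b|\.nononet\b/
def risky_parse_settings(source_text)
  source_text.each_line.with_index(1)
             .reject { |line, _| line.strip.start_with?("#") }
             .select { |line, _| line.match?(RISKY) }
             .map { |line, n| [n, line.strip] }
end

# Constructed sample inputs.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.5.2)
      rake (0.9.2)
LOCK

SAMPLE_SOURCE = <<~'RUBY'
  doc = Nokogiri::XML(params[:xml])
  cfg = Nokogiri::XML(body) { |c| c.dtdload.nononet }
  # DTDLOAD is mentioned only in this comment
  opts = Nokogiri::XML::ParseOptions::DTDLOAD
RUBY

if __FILE__ == $PROGRAM_NAME
  puts "locked nokogiri #{locked_nokogiri_version(SAMPLE_LOCK)}, " \
       "vulnerable: #{vulnerable_lock?(SAMPLE_LOCK)}"
  risky_parse_settings(SAMPLE_SOURCE).each { |n, l| puts "line #{n}: #{l}" }
end
```

A flagged line is a prompt for review, not proof of exposure: the scan cannot tell whether the parsed XML comes from an untrusted source.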