diff --git a/CVE-2022-24836.patch b/CVE-2022-24836.patch
new file mode 100644
index 0000000000000000000000000000000000000000..25b7c0f0ce6a0b38a673cf66d078209ab17ee7e3
--- /dev/null
+++ b/CVE-2022-24836.patch
@@ -0,0 +1,16 @@
+diff --git a/lib/nokogiri/html/document.rb b/lib/nokogiri/html/document.rb
+index d3792bc..8fffa43 100644
+--- a/lib/nokogiri/html/document.rb
++++ b/lib/nokogiri/html/document.rb
+@@ -254,7 +254,7 @@ module Nokogiri
+ if Nokogiri.jruby? && EncodingReader.is_jruby_without_fix?
+ return EncodingReader.detect_encoding_for_jruby_without_fix(chunk)
+ end
+- m = chunk.match(/\A(<\?xml[ \t\r\n]+[^>]*>)/) and
++ m = chunk.match(/\A(<\?xml[ \t\r\n][^>]*>)/) and
+ return Nokogiri.XML(m[1]).encoding
+
+ if Nokogiri.jruby?
+--
+2.27.0
+
diff --git a/rubygem-nokogiri.spec b/rubygem-nokogiri.spec
index 7b9cf7704e6a2ab85a8739a478038eda1b9a6f71..829b51c9a33459dd6379ceacd44369973c3d4460 100644
--- a/rubygem-nokogiri.spec
+++ b/rubygem-nokogiri.spec
@@ -7,7 +7,7 @@ Summary: An HTML, XML, SAX, and Reader parser
 Name: rubygem-%{gem_name}
 Version: %{mainver}
-Release: 3
+Release: 4
 License: MIT
 URL: https://nokogiri.org
 Source0: https://rubygems.org/gems/%{gem_name}-%{mainver}%{?prever}.gem
@@ -18,6 +18,8 @@ Patch1: CVE-2020-26247-pre.patch
 Patch2: CVE-2020-26247.patch
 Patch3: CVE-2021-41098-1.patch
 Patch4: CVE-2021-41098-2.patch
+# refer https://github.com/sparklemotion/nokogiri/commit/e444525
+Patch5: CVE-2022-24836.patch
 BuildRequires: ruby(release) ruby(rubygems) rubygem(minitest) rubygems-devel
 Obsoletes: ruby-%{gem_name} <= 1.5.2-2
 BuildRequires: gcc rubygem(pkg-config) libxml2-devel libxslt-devel ruby-devel
@@ -64,6 +66,7 @@ cd %{gem_name}-%{version}
 cd $TOPDIR/%{gem_name}-%{version}
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 cd -
 gem specification -l --ruby %{SOURCE0} > %{gem_name}.gemspec
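Review bot: The regex edit in the embedded `@@ -254,7 +254,7 @@` hunk is the entire fix, but nothing in the patch file records why dropping the `+` from `[ \t\r\n]+` matters: that class and the following `[^>]*` both accept whitespace, so a chunk starting `<?xml` followed by a long whitespace run and no closing `>` forces the old pattern into quadratic backtracking, whereas the new pattern consumes exactly one whitespace character and then scans `[^>]*` linearly while still matching the same strings and capturing the same group. The file ends with a `-- 2.27.0` format-patch trailer but has no `From:`/`Subject:` header, so the only provenance is the comment in the spec; add a header before the inner `diff --git` line such as `Subject: [PATCH] CVE-2022-24836: fix quadratic regex backtracking in HTML encoding detection (backport of upstream e444525)` so the patch is self-describing. The context lines as rendered here have lost their leading indentation, which is presumably an artifact of this listing rather than of the patch itself, but it is worth confirming the file applies with `-p1` as the spec expects. The enclosing method in document.rb starts and ends outside the hunk.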
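Review bot: The `# refer https://github.com/sparklemotion/nokogiri/commit/e444525` comment added above `Patch5:` gives a link but not what the patch fixes, so anyone auditing the spec has to follow it to learn that this is a regular-expression denial-of-service fix; the CVE id is otherwise only implied by the filename and the changelog entry. Make the comment self-contained, e.g. `# CVE-2022-24836: quadratic regex backtracking in HTML encoding detection; backport of upstream commit e444525`. The abbreviated seven-character hash is also less stable to resolve over time than the full commit id, so record the full hash here if it is available. The matching `%patch5 -p1` line in the `%prep` hunk is consistent with how `%patch3`/`%patch4` are applied.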
@@ -158,6 +161,9 @@ popd %{gem_dir}/doc/%{gem_name}-%{mainver}%{?prever}/ %changelog +* Fri Apr 22 2022 wangkai - 1.10.5-4 +- Fix CVE-2022-24836 + * Tue Oct 12 2021 yaoxin - 1.10.5-3 - fix CVE-2021-41098