Debian Ruby-Loofah vulnerabilities

6 known vulnerabilities affecting debian/ruby-loofah.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2022-23514 | HIGH | CVSS 7.5 | fixed in ruby-loofah 2.19.1-1 (bookworm) | 2022
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is
CVE-2022-23516 | HIGH | CVSS 7.5 | fixed in ruby-loofah 2.19.1-1 (bookworm) | 2022
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is p
CVE-2022-23515 | MEDIUM | CVSS 6.1 | fixed in ruby-loofah 2.19.1-1 (bookworm) | 2022
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
Scope: local
bookworm: resolved (fixed in 2.19.1-1)
bullseye: resolved (fixed in 2.7.0+d
CVE-2019-15587 | MEDIUM | CVSS 5.4 | fixed in ruby-loofah 2.3.1+dfsg-1 (bookworm) | 2019
In the Loofah gem for Ruby through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
Scope: local
bookworm: resolved (fixed in 2.3.1+dfsg-1)
bullseye: resolved (fixed in 2.3.1+dfsg-1)
forky: resolved (fixed in 2.3.1+dfsg-1)
sid: resolved (fixed in 2.3.1+dfsg-1)
trixie: resolved (fixed in 2.3.1+dfsg-1)
CVE-2018-16468 | MEDIUM | CVSS 5.4 | fixed in ruby-loofah 2.2.3-1 (bookworm) | 2018
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
Scope: local
bookworm: resolved (fixed in 2.2.3-1)
bullseye: resolved (fixed in 2.2.3-1)
forky: resolved (fixed in 2.2.3-1)
sid: resolved (fixed in 2.2.3-1)
trixie: resolved (fixed in 2.2.3-1)
CVE-2018-8048 | MEDIUM | CVSS 6.1 | fixed in ruby-loofah 2.2.1-1 (bookworm) | 2018
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
Scope: local
bookworm: resolved (fixed in 2.2.1-1)
bullseye: resolved (fixed in 2.2.1-1)
forky: resolved (fixed in 2.2.1-1)
sid: resolved (fixed in 2.2.1-1)
trixie: resolved (fixed in 2.2.1-1)