Flavorjones Loofah vulnerabilities
3 known vulnerabilities affecting flavorjones/loofah.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-23514HIGHCVSS 7.5fixed in 2.19.12022-12-14
CVE-2022-23514 [HIGH] CWE-1333 CVE-2022-23514: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, buil
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. Th
nvd
CVE-2022-23516HIGHCVSS 7.5v>= 2.2.0, < 2.19.12022-12-14
CVE-2022-23516 [HIGH] CWE-674 CVE-2022-23516: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, buil
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This
nvd
CVE-2022-23515MEDIUMCVSS 6.1v>= 2.1.0, < 2.19.12022-12-14
CVE-2022-23515 [MEDIUM] CWE-79 CVE-2022-23515: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, buil
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
nvd