CVE-2018-8048

Опубликовано: 27 мар. 2018

Источник: debian

EPSS Низкий

Описание

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

Пакет	Статус	Версия исправления	Релиз	Тип
ruby-loofah	fixed	2.2.1-1		package

https://github.com/flavorjones/loofah/issues/144
https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7
https://github.com/flavorjones/loofah/commit/56e95a6696b1e17a242eb8ebbbab64d613c4f1fe

EPSS

Процентиль: 73%

0.0076

Низкий

CVE-2018-8048

CVSS3: 6.1

ubuntu

почти 8 лет назад

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

CVE-2018-8048

CVSS3: 6.1

redhat

почти 8 лет назад

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

CVE-2018-8048

CVSS3: 6.1

nvd

почти 8 лет назад

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

GHSA-x7rv-cr6v-4vm4

CVSS3: 6.1

github

почти 8 лет назад

Cross-site Scripting in loofah

EPSS

Процентиль: 73%

0.0076

Низкий