GHSA-c3gv-9cxf-6f57

Published: 05 Nov 2019
Source: github
GitHub: Reviewed
CVSS3: 5.4

Description

Loofah Allows Cross-site Scripting

In the Loofah gem for Ruby through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Packages

Name: loofah (rubygems)
Affected versions: < 2.3.1
Fixed version: 2.3.1

EPSS

Percentile: 76%
0.00958
Low

5.4 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
ubuntu
more than 6 years ago

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

CVSS3: 4.6
redhat
more than 6 years ago

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

CVSS3: 5.4
nvd
more than 6 years ago

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

CVSS3: 5.4
debian
more than 6 years ago

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...

suse-cvrf
more than 3 years ago

Security update for rubygem-loofah
