Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-g4xq-jx4w-4cjv

Опубликовано: 01 нояб. 2018
Источник: github
Github: Прошло ревью
CVSS3: 5.4

Описание

Loofah Cross-site Scripting vulnerability

In the Loofah gem for Ruby, through version 2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Users are advised to upgrade to version 2.2.3.

See https://github.com/flavorjones/loofah/issues/154 for more details.

Ссылки

Пакеты

Наименование

loofah

rubygems
Затронутые версииВерсия исправления

< 2.2.3

2.2.3

EPSS

Процентиль: 54%
0.00314
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2018-16468

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2018-16468

CVSS3: 5.4
ubuntu
больше 7 лет назад

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

redhat логотип

CVE-2018-16468

CVSS3: 5.4
redhat
больше 7 лет назад

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

nvd логотип

CVE-2018-16468

CVSS3: 5.4
nvd
больше 7 лет назад

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

debian логотип

CVE-2018-16468

CVSS3: 5.4
debian
больше 7 лет назад

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ...

suse-cvrf логотип

openSUSE-SU-2018:3951-1

suse-cvrf
около 7 лет назад

Security update for rubygem-loofah

EPSS

Процентиль: 54%
0.00314
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2018-16468

Дефекты

CWE-79