CVE-2018-8048

Опубликовано: 27 мар. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

Ссылки

http://www.openwall.com/lists/oss-security/2018/03/19/5
Mailing List
Third Party Advisory
https://github.com/flavorjones/loofah/issues/144
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191122-0003/
https://www.debian.org/security/2018/dsa-4171
Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/03/19/5
Mailing List
Third Party Advisory
https://github.com/flavorjones/loofah/issues/144
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191122-0003/
https://www.debian.org/security/2018/dsa-4171
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:loofah_project:loofah:*:*:*:*:*:ruby:*:*

Версия до 2.2.1 (исключая)

EPSS

Процентиль: 73%

0.0076

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-8048

CVSS3: 6.1

ubuntu

почти 8 лет назад

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

CVE-2018-8048

CVSS3: 6.1

redhat

почти 8 лет назад

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

CVE-2018-8048

CVSS3: 6.1

debian

почти 8 лет назад

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attribu ...

GHSA-x7rv-cr6v-4vm4

CVSS3: 6.1

github

почти 8 лет назад

Cross-site Scripting in loofah

EPSS

Процентиль: 73%

0.0076

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79