CVE-2018-8048

Published: 15 Mar 2018
Source: redhat
CVSS3: 6.1
EPSS: Low

Description

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

Report

This issue affects the versions of rubygem-loofah as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having a security impact of Moderate. This vulnerability won't be fixed on CloudForms 4, because it uses libxml 2.9.1 and the vulnerability requires libxml >= 2.9.2 in order to be exploitable. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Software Collections | rh-ror42-rubygem-loofah | Not affected | | |
| Red Hat Software Collections | rh-ror50-rubygem-loofah | Not affected | | |
| CloudForms Management Engine 5.10 | ansible-runner | Fixed | RHSA-2019:0212 | 07.02.2019 |
| CloudForms Management Engine 5.10 | ansible-tower | Fixed | RHSA-2019:0212 | 07.02.2019 |
| CloudForms Management Engine 5.10 | bubblewrap | Fixed | RHSA-2019:0212 | 07.02.2019 |
| CloudForms Management Engine 5.10 | cfme | Fixed | RHSA-2019:0212 | 07.02.2019 |
| CloudForms Management Engine 5.10 | cfme-amazon-smartstate | Fixed | RHSA-2019:0212 | 07.02.2019 |
| CloudForms Management Engine 5.10 | cfme-appliance | Fixed | RHSA-2019:0212 | 07.02.2019 |
| CloudForms Management Engine 5.10 | cfme-gemset | Fixed | RHSA-2019:0212 | 07.02.2019 |
| CloudForms Management Engine 5.10 | dbus-api-service | Fixed | RHSA-2019:0212 | 07.02.2019 |

Additional information

Status: Moderate
Defect: CWE-79
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559071 (rubygem-loofah: XSS vulnerability due to unescaped comments within attributes by libxml2)

EPSS: 0.0076 (percentile: 73%, Low)

CVSS3: 6.1 Medium

Related vulnerabilities

CVSS3: 6.1
ubuntu
almost 8 years ago

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

CVSS3: 6.1
nvd
almost 8 years ago

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

CVSS3: 6.1
debian
almost 8 years ago

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attribu ...

CVSS3: 6.1
github
almost 8 years ago

Cross-site Scripting in loofah
