CVE-2019-15587

Опубликовано: 10 окт. 2019

Источник: redhat

CVSS3: 4.6

EPSS Низкий

Описание

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Отчет

Supported versions of Satellite 6 contain a vulnerable version of rubygem-loofah. However, it is not possible to inject untrusted SVG files, and thus it is considered that this vulnerability can not be triggered. A future update may fix this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние
CloudForms Management Engine 5	cfme-amazon-smartstate	Will not fix
CloudForms Management Engine 5	cfme-gemset	Will not fix
Red Hat Satellite 6	tfm-ror51-rubygem-loofah	Not affected
Red Hat Satellite 6	tfm-ror52-rubygem-loofah	Not affected
Red Hat Software Collections	rh-ror50-rubygem-loofah	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1774081rubygem-loofah: XXS when a crafted SVG element is republished

EPSS

Процентиль: 86%

0.03032

Низкий

4.6 Medium

CVSS3

Связанные уязвимости

CVE-2019-15587

CVSS3: 5.4

ubuntu

больше 6 лет назад

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

CVE-2019-15587

CVSS3: 5.4

nvd

больше 6 лет назад

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

CVE-2019-15587

CVSS3: 5.4

debian

больше 6 лет назад

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...

SUSE-SU-2022:3868-1

suse-cvrf

больше 3 лет назад

Security update for rubygem-loofah

GHSA-c3gv-9cxf-6f57

CVSS3: 5.4

github

больше 6 лет назад

Loofah Allows Cross-site Scripting

EPSS

Процентиль: 86%

0.03032

Низкий

4.6 Medium

CVSS3