CVE-2022-23514

Опубликовано: 13 дек. 2022

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.

An inefficient regular expression vulnerability was found in rubygem loofah. While sanitizing certain SVG attributes, loofah is susceptible to excessive backtracking, which can result in a denial of service through CPU resource consumption.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat 3scale API Management Platform 2	3scale-amp-zync-container	Will not fix
Red Hat Satellite 6	tfm-ror51-rubygem-loofah	Out of support scope
Red Hat Satellite 6	tfm-ror52-rubygem-loofah	Out of support scope
Red Hat Satellite 6	tfm-rubygem-loofah	Affected
Red Hat Satellite 6.13 for RHEL 8	rubygem-loofah	Fixed	RHSA-2023:2097	03.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-1333

https://bugzilla.redhat.com/show_bug.cgi?id=2153234rubygem-loofah: inefficient regular expression leading to denial of service

EPSS

Процентиль: 52%

0.00293

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-23514

CVSS3: 7.5

ubuntu

около 3 лет назад

CVE-2022-23514

CVSS3: 7.5

nvd

около 3 лет назад

CVE-2022-23514

CVSS3: 7.5

debian

около 3 лет назад

Loofah is a general library for manipulating and transforming HTML/XML ...

GHSA-486f-hjj9-9vhh

CVSS3: 7.5

github

около 3 лет назад

Inefficient Regular Expression Complexity in Loofah

SUSE-SU-2023:1657-1

suse-cvrf

почти 3 года назад

Security update for rubygem-loofah

EPSS

Процентиль: 52%

0.00293

Низкий

7.5 High

CVSS3