Описание
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
A Cross-site scripting vulnerability was found in rubygem loofah. While neutralizing certain data URIs, loofah is susceptible to Cross-site scripting attacks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | ||
| Red Hat Satellite 6 | tfm-ror51-rubygem-loofah | Out of support scope | ||
| Red Hat Satellite 6 | tfm-ror52-rubygem-loofah | Out of support scope | ||
| Red Hat Satellite 6 | tfm-rubygem-loofah | Affected | ||
| Red Hat Satellite 6.13 for RHEL 8 | rubygem-loofah | Fixed | RHSA-2023:2097 | 03.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
Loofah is a general library for manipulating and transforming HTML/XML ...
Improper neutralization of data URIs may allow XSS in Loofah
EPSS
6.1 Medium
CVSS3