Description
Security update for rubygem-loofah
This update for rubygem-loofah fixes the following issues:
Security issue fixed:
- CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist (bsc#1113969).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.0
ruby2.5-rubygem-loofah-2.2.2-lp150.3.3.1
ruby2.5-rubygem-loofah-doc-2.2.2-lp150.3.3.1
ruby2.5-rubygem-loofah-testsuite-2.2.2-lp150.3.3.1
rubygem-loofah-2.2.2-lp150.3.3.1
References
- E-Mail link for openSUSE-SU-2018:3951-1
- SUSE Security Ratings
Description
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
Affected products
openSUSE Leap 15.0:ruby2.5-rubygem-loofah-2.2.2-lp150.3.3.1
openSUSE Leap 15.0:ruby2.5-rubygem-loofah-doc-2.2.2-lp150.3.3.1
openSUSE Leap 15.0:ruby2.5-rubygem-loofah-testsuite-2.2.2-lp150.3.3.1
openSUSE Leap 15.0:rubygem-loofah-2.2.2-lp150.3.3.1
References
- CVE-2018-16468
- SUSE Bug 1113969