Lucene search
RubySecRUBY:NOKOGIRI-2018-8048HistoryMar 28, 2018 - 9:00 p.m.
Revert libxml2 behavior in Nokogiri gem that could cause XSS
2018-03-2821:00:00
RubySec
rubysec.com
10
[MRI] Behavior in libxml2 has been reverted which caused
CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and
CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is
here:
https://github.com/GNOME/libxml2/commit/960f0e2
and more information is available about this commit and its impact
here:
https://github.com/flavorjones/loofah/issues/144
This release simply reverts the libxml2 commit in question to protect
users of Nokogiri’s vendored libraries from similar vulnerabilities.
If you’re offended by what happened here, I’d kindly ask that you
comment on the upstream bug report here:
Related
prion
prion
Design/Logic Flaw
2018-03-30 19:29:00
Hardcoded credentials
2018-03-30 19:29:00
Hardcoded credentials
2018-03-27 17:29:00
osv
osv
CVE-2018-3741
2018-03-30 19:29:00
rails-html-sanitizer Cross-site Scripting vulnerability
2018-04-26 15:41:10
ruby-sanitize - security update
2018-12-27 00:00:00
hackerone
hackerone
Ruby on Rails: XSS vulnerability in sanitize-method when parsing link's href
2018-03-21 14:57:43
ubuntucve
ubuntucve
freebsd
freebsd
rails-html-sanitizer -- possible XSS vulnerability
2018-03-22 00:00:00
Sanitize -- XSS vulnerability
2018-03-19 00:00:00
Loofah -- XSS vulnerability
2018-03-15 00:00:00
redhatcve
redhatcve
CVE-2018-3741
2018-04-18 10:49:01
CVE-2018-8048
2020-04-06 17:05:35
nessus
nessus
FreeBSD : rails-html-sanitizer -- possible XSS vulnerability (81946ace-6961-4488-a164-22d58ebc8d66)
2018-03-27 00:00:00
Debian DSA-4171-1 : ruby-loofah - security update
2018-04-16 00:00:00
github
github
rails-html-sanitizer Cross-site Scripting vulnerability
2018-04-26 15:41:10
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
2018-03-21 11:56:32
Cross-site Scripting in loofah
2018-03-21 11:57:11
cve
cve
debiancve
debiancve
redhat
redhat
veracode
veracode
Cross-site Scripting (XSS)
2018-03-23 02:20:59
Cross-site Scripting (XSS)
2018-03-20 05:38:48
Cross-site Scripting (XSS)
2018-03-20 06:00:15
openvas
openvas
Debian: Security Advisory (DSA-4358-1)
2018-12-26 00:00:00
Debian: Security Advisory (DSA-4171-1)
2018-04-12 00:00:00
debian
debian
[SECURITY] [DSA 4171-1] ruby-loofah security update
2018-04-13 19:12:19
[SECURITY] [DSA 4358-1] ruby-sanitize security update
2018-12-27 12:31:26
[SECURITY] [DSA 4358-1] ruby-sanitize security update
2018-12-27 12:31:26
rubygems
rubygems
XSS vulnerability in rails-html-sanitizer
2018-03-21 21:00:00
archlinux
archlinux
[ASA-201807-1] gitlab: multiple issues
2018-07-04 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34
kitploit
kitploit
Related for RUBY:NOKOGIRI-2018-8048