64 matches found
CVE-2023-31606
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
CVE-2023-31606
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
DEBIAN-CVE-2023-31606
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
CVE-2023-31606
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
CVE-2023-31606
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
Design/Logic Flaw
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
UBUNTU-CVE-2023-31606
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
RedCloth 安全漏洞
RedCloth is a Ruby library from Jason Garber's personal developer. It is used to convert Textile to HTML. A security vulnerability exists in RedCloth v4.0.0, which stems from a Regular Expression Denial of Service ReDoS issue found in the sanitizehtml function, which can be exploited by an attack...
CVE-2023-31606
CVE-2023-31606 concerns the RedCloth Ruby gem, specifically a ReDoS in the sanitize_html function of version 4.0.0 that can cause DoS with crafted input. Multiple connected advisories confirm the affected component is the RedCloth Ruby gem, and the root cause is the sanitize_html ReDoS pattern. E...
RedCloth Regular Expression Denial of Service issue
A Regular Expression Denial of Service ReDoS issue was discovered in the "sanitizehtml" function of RedCloth gem = v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
Inefficient Regular Expression Complexity
A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...
PT-2023-5396 · Redcloth +4 · Redcloth +4
Name of the Vulnerable Software and Affected Versions: RedCloth gem version 4.0.0 Description: A Regular Expression Denial of Service ReDoS issue was discovered in the sanitize html function. This issue allows attackers to cause a Denial of Service DoS via supplying a crafted payload. The...
Debian: Security Advisory (DLA-167-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2012-6684
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
DEBIAN-CVE-2022-44637
Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user...
PT-2022-6948 · Redcloth3 +1 · Redcloth3 +1
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.2.9 and earlier, 5.0.x versions prior to 5.0.4 Description: The issue is related to improper sanitization in Redcloth3 Textile-formatted fields, allowing persistent XSS attacks. Depending on the configuration, exploitation...
Advisory ROSA-SA-2021-1966
Software: ruby 2.0.0.648 OS: Cobalt 7.9 CVE-ID: CVE-2012-6684 CVE-Crit: MEDIUM CVE-DESC: A cross-site scripting XSS vulnerability in the RedCloth 4.2.9 library for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. CVE-STATUS: default CVE-REV:...
RedCloth Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
GHSA-R23G-3QW4-GFH2 RedCloth Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
RedCloth Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URI...