30 matches found
Astra Linux - vulnerability in ruby-loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting due to the image/svg+xml media type in data URIs. This issue has been fixed in version 2.19.1...
Astra Linux - vulnerability in ruby-loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion to sanitize CDATA sections. This can lead to stack exhaustion and raise a SystemStackError exception, potentially causing ...
OPENSUSE-SU-2026:10353-1 ruby4.0-rubygem-loofah-2.23.1-1.5 on GA media
These are all security issues fixed in the ruby4.0-rubygem-loofah-2.23.1-1.5 package on the GA media of openSUSE Tumbleweed...
Debian: Security Advisory (DLA-3901-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DLA 3901-1] ruby-loofah security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3901-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 28, 2024 https://wiki.debian.org/LTS -...
Debian dla-3901 : ruby-loofah - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3901 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3901-1 [email protected]...
DLA-3901-1 ruby-loofah - security update
Bulletin has no description...
Debian dla-3565 : ruby-loofah - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3565 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3565-1 [email protected]...
Debian: Security Advisory (DLA-3565-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DLA 3565-1] ruby-loofah security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3565-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 13, 2023 https://wiki.debian.org/LTS -...
DLA-3565-1 ruby-loofah - security update
Bulletin has no description...
rubygem-loofah: Uncontrolled Recursion leading to denial of service
An uncontrolled recursion vulnerability was found in rubygem loofah. While sanitizing certain sections, loofah is susceptible to stack exhaustion, which can result in a denial of service through CPU resource consumption...
Ubuntu: Security Advisory (USN-4498-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-4498-1 ruby-loofah vulnerability
It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. CVE-2019-15587...
Vulnerability in the library for processing and transforming HTML/XML code fragments: The Ruby loofah library has a vulnerability related to the lack of protection for website structure. This allows attackers to compromise data integrity.
The vulnerability in the library for processing and transforming HTML/XML code fragments in Ruby Loofah is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...
Debian: Security Advisory (DSA-4554-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DSA-4554-1 : ruby-loofah - security update
It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, was susceptible to cross-site scripting. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
[SECURITY] [DSA 4554-1] ruby-loofah security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4554-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2019 https://www.debian.org/security/faq -...
DSA-4554-1 ruby-loofah - security update
Bulletin has no description...
A vulnerability in the library for processing and transforming HTML/XML code fragments, called Ruby Loofah, arises due to improper handling of input during web page generation. This vulnerability allows attackers to inject arbitrary JavaScript code.
The vulnerability in the library for processing and transforming HTML/XML code fragments in Ruby Loofah is related to insufficient cleaning of SVG elements in JavaScript. Exploiting this vulnerability allows a remote attacker to inject arbitrary JavaScript code...