rails-html-sanitizer has XSS vulnerability with certain configurations
Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.16.8. Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5...
PT-2024-35998
Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has...
Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2022-29181, CVE-2022-23476)
Summary There are multiple Nokogiri vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details CVEID: CVE-2022-29181 DESCRIPTION: Nokogiri is vulnerable to a denial of service, caused by improper handling of unexpected data type...
Information Disclosure
onionshare is vulnerable to information disclosure. The vulnerability exists because the path parameter of the requested URL is not sanitized before being passed to the QT frontend which allows an attacker to render HTML4 Subset...
GHSA-XH29-R2W5-WX8M Nokogiri Improperly Handles Unexpected Data Type
Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling to_s or equivalent. Credit This vulnerability was responsibly reported by @agustingianni and the GitHub Security Lab...
Nokogiri Denial of Service Vulnerability
Nokogiri is a software library for parsing HTML and XML in Ruby. A denial of service vulnerability exists in versions of Nokogiri prior to 1.13.6. The source of the vulnerability fails to type-check all input to the XML and HTML4 SAX parsers, which could be exploited by an attacker to trigger a...
Updated ruby-nokogiri packages fix security vulnerability
Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a...
PYSEC-2022-41
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...
Design/Logic Flaw
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...