36 matches found
ruby4.0-rubygem-loofah-2.23.1-1.5 on GA media (moderate)
Announcement ID: openSUSE-SU-2026:10353-1; Rating: moderate; Cross-References: CVE-2018-16468, CVE-2018-8048, CVE-2019-15587, CVE-2022-23514, CVE-2022-23515, CVE-2022-23516; CVSS scores: CVE-2018-16468 SUSE: 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L...
OPENSUSE-SU-2026:10353-1 ruby4.0-rubygem-loofah-2.23.1-1.5 on GA media
These are all security issues fixed in the ruby4.0-rubygem-loofah-2.23.1-1.5 package on the GA media of openSUSE Tumbleweed...
EUVD-2018-0751
Malware in sbrugna...
EUVD-2019-0741
Malware in sbrugna...
EUVD-2018-0188
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-15587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE-2019-15587 Note th...
rubygem-loofah: inefficient regular expression leading to denial of service
An inefficient regular expression vulnerability was found in rubygem loofah. While sanitizing certain SVG attributes, loofah is susceptible to excessive backtracking, which can result in a denial of service through CPU resource consumption...
SUSE CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
SUSE CVE-2018-16468
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
Loofah gem for Ruby security vulnerability
The Loofah gem for Ruby is a Ruby-based library for processing and converting HTML/XML documents. A security vulnerability exists in Loofah gem for Ruby versions 2.19.1 through 2.2.0, which stems from the use of recursion to clean up the CDATA section, making it susceptible to stack exhaustion an...
Loofah gem for Ruby security vulnerability
The Loofah gem for Ruby is a Ruby-based library for processing and transforming HTML/XML documents. A security vulnerability exists in Loofah gem for Ruby prior to version 2.19.1, which stems from the inclusion of an inefficient regular expression that is susceptible to excessive backtracking whe...
FreeBSD : Loofah -- XSS vulnerability (a90d040e-f5b0-11e9-acc4-4576b265fda6)
GitHub issue : This issue has been created for public disclosure of an XSS vulnerability that was responsibly reported by https://hackerone.com/vxhex In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. C Tenable Networ...
Code injection
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
PT-2019-5086
Name of the Vulnerable Software and Affected Versions Loofah gem for Ruby versions through 2.3.0 Description The issue is related to the Loofah gem for Ruby, where unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This could potentially allow a remote...
Loofah gem for Ruby cross-site scripting vulnerability (CNVD-2019-36965)
Loofah gem for Ruby is a Ruby-based library for processing and converting HTML/XML documents. A cross-site scripting vulnerability in Loofah gem for Ruby version 2.3.0 and earlier, which stems from a lack of proper validation of client-side data in a web application, can be exploited by an attack...
Loofah -- XSS vulnerability
GitHub issue: This issue has been created for public disclosure of an XSS vulnerability that was responsibly reported by https://hackerone.com/vxhex In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
rubygem-loofah: XSS vulnerability due to unescaped comments within attributes by libxml2
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
Loofah gem for Ruby cross-site scripting vulnerability
Loofah gem for Ruby is a Nokogiri based HTML/XML cleanup tool. A cross-site scripting vulnerability exists in Loofah gem for Ruby 2.2.2 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2018-16468
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...