17 matches found
Cross-site Scripting (XSS)
Overview: loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Loofah::HTML5::Scrub.allowed_uri? function. An attacker can inject malicious script...
EUVD-2022-7500
Malicious code in bioql PyPI...
EUVD-2022-7470
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-23515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is...
SUSE CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
DEBIAN-CVE-2022-23514
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
DEBIAN-CVE-2022-23515
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...
DEBIAN-CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
CVE-2022-23514
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
UBUNTU-CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
UBUNTU-CVE-2022-23515
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...
UBUNTU-CVE-2022-23514
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
CVE-2022-23516 Uncontrolled Recursion in Loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
CVE-2022-23514 Inefficient Regular Expression Complexity in Loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...
Cross-site Scripting (XSS)
Overview: loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper neutralization of data URIs, via the image/svg+xml media type. Details...
Regular Expression Denial of Service (ReDoS)
Overview: loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to containing an inefficient regular expression that is susceptible...
Cross-site Scripting (XSS)
loofah is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize nested script tags, allowing a malicious user to inject and execute arbitrary JavaScript...