9 matches found
Astra Linux – Vulnerability in ruby-loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built upon the Nokogiri framework. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lea...
Loofah has improper detection of disallowed URIs via `allowed_uri?`
Summary Loofah::HTML5::Scrub.allowed_uri? does not correctly reject javascript: URIs when the scheme is split by HTML entity-encoded control characters such as carriage return, line feed, or tab. Details The allowed_uri? method strips literal control characters before decoding HTML entities. Payloa...
GHSA-2J22-PR5W-6GQ8 Loofah has improper detection of disallowed URIs via `allowed_uri?`
Summary Loofah::HTML5::Scrub.allowed_uri? does not correctly reject javascript: URIs when the scheme is split by HTML entity-encoded control characters such as carriage return, line feed, or tab. Details The allowed_uri? method strips literal control characters before decoding HTML entities. Payloa...
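The two entries above describe an ordering bug: control characters are stripped from the URI before HTML entities are decoded, so an entity-encoded line feed or tab survives the strip, is decoded afterwards, and splits the scheme so that the `javascript:` check never matches while the browser still executes it. The following Ruby is an added illustration written for this page, not Loofah's own `allowed_uri?` implementation: the scheme list, the helper names, the use of `CGI.unescapeHTML` for entity decoding, and the sample URIs are all assumptions chosen to reproduce the behaviour the advisory describes, with the vulnerable ordering beside the corrected one.

```ruby
require "cgi"

# Constructed illustration of the strip-then-decode ordering bug. This is NOT
# Loofah's code; the scheme list and method names are assumptions for the page.

# ASCII control characters (tab, LF, CR, ...) plus space and DEL. Browsers
# discard these inside a URL scheme, so "java\nscript:" runs as "javascript:".
CONTROL_CHARS = /[\u0000-\u0020\u007f]/

# Schemes a sanitizer must never let through (assumed list).
DISALLOWED_SCHEMES = %w[javascript vbscript].freeze

# Scheme portion of a URI (lower-cased), or nil when the URI has no scheme.
def scheme_of(uri)
  head, sep, _rest = uri.partition(":")
  sep.empty? ? nil : head.downcase
end

# Vulnerable ordering: literal control characters are removed first, then HTML
# entities are decoded. An entity-encoded LF survives the strip, is decoded
# afterwards, and splits the scheme so the comparison below never sees it.
def allowed_uri_vulnerable?(uri)
  stripped = uri.gsub(CONTROL_CHARS, "")
  decoded  = CGI.unescapeHTML(stripped)
  !DISALLOWED_SCHEMES.include?(scheme_of(decoded))
end

# Fixed ordering: decode entities first so every control character is literal,
# then strip them, then compare the scheme.
def allowed_uri_fixed?(uri)
  decoded  = CGI.unescapeHTML(uri)
  stripped = decoded.gsub(CONTROL_CHARS, "")
  !DISALLOWED_SCHEMES.include?(scheme_of(stripped))
end

# Constructed sample inputs labelled with what a sanitizer should decide.
SAMPLES = {
  "https://example.com/"      => :benign,
  "/relative/path"            => :benign,
  "javascript:alert(1)"       => :malicious,
  "java\nscript:alert(1)"     => :malicious, # literal LF: both orderings catch it
  "java&#10;script:alert(1)"  => :malicious, # entity-encoded LF: bypasses the vulnerable ordering
  "java&#x09;script:alert(1)" => :malicious, # entity-encoded tab: same bypass
  "&#106;avascript:alert(1)"  => :malicious, # entity with no control char: both catch it
}.freeze

# URI => true/false as decided by the named checker.
def verdicts(checker)
  SAMPLES.to_h { |uri, _kind| [uri, send(checker, uri)] }
end

# Malicious samples the named checker wrongly allows.
def bypasses(checker)
  SAMPLES.select { |_uri, kind| kind == :malicious }
         .keys
         .select { |uri| send(checker, uri) }
end

if $PROGRAM_NAME == __FILE__
  puts "vulnerable ordering lets through: #{bypasses(:allowed_uri_vulnerable?).inspect}"
  puts "fixed ordering lets through:      #{bypasses(:allowed_uri_fixed?).inspect}"
end
```

Run as a script to see the two entity-encoded payloads slip past the vulnerable ordering while the fixed ordering rejects all malicious samples and still allows the benign ones. One caveat for anyone adapting this: `CGI.unescapeHTML` decodes only numeric references and the five basic named entities, whereas HTML also defines names such as `&Tab;` and `&NewLine;`, so a real sanitizer must decode with the full HTML5 entity table (or work on values the HTML parser has already decoded) before stripping.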
EUVD-2022-7493
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-23516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion...
Linux Distros Unpatched Vulnerability : CVE-2022-23514
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient...
PT-2022-16045
Name of the Vulnerable Software and Affected Versions Loofah versions 2.1.0 through 2.19.0 Description The issue concerns a cross-site scripting vulnerability via the image/svg+xml media type in data URIs. This vulnerability affects Loofah, a library for manipulating and transforming HTML/XML...
PT-2022-16044
Name of the Vulnerable Software and Affected Versions Loofah versions prior to 2.19.1 Description Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. It contains an inefficient regular expression that is susceptible to excessiv...
PT-2018-18405
Name of the Vulnerable Software and Affected Versions: Loofah versions prior to 2.2.1 Description: The issue allows non-whitelisted HTML attributes to be present in sanitized output when input with specially-crafted HTML fragments. Users are affected when running on MRI or RBX, in combination wit...