10 matches found
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
Summary The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Severity The maintainers have evaluated this as High Severity 7.5 CVSS3.1. Mitigation Upgrade to = 1.9.22.noko2. Credit This vulnerability was reporte...
GHSA-9849-P7JC-9RMV org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
Summary The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Severity The maintainers have evaluated this as High Severity 7.5 CVSS3.1. Mitigation Upgrade to = 1.9.22.noko2. Credit This vulnerability was reporte...
Debian dla-3227 : ruby-rails-html-sanitizer - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3227 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3227-1 [email protected] https://www.debian.org/lts/security/...
SUSE SLES15 Security Update : rubygem-rails-html-sanitizer (SUSE-SU-2022:2870-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2870-1 advisory. - Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of...
CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
Design/Logic Flaw
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
CVE-2022-32209
CVE-2022-32209 affects rails-html-sanitizer: if an application overrides allowed_tags to include both 'select' and 'style', a cross-site scripting (XSS) vulnerability may be exploitable. The issue is triggered when developers configure sanitizer via Rails config, sanitize helper, or SafeListSanit...
CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...