
10 matches found

OSV
added 2023/06/22 7:58 p.m., 30 views

GHSA-9849-P7JC-9RMV org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption

Summary: The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Severity: The maintainers have evaluated this as High Severity 7.5 CVSS3.1. Mitigation: Upgrade to = 1.9.22.noko2. Credit: This vulnerability was reporte...

CVSS 7.5, AI score 7.5, EPSS 0.02114
Exploits 0, References 5
Github Security Blog
added 2023/06/22 7:58 p.m., 30 views

org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption

Summary: The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Severity: The maintainers have evaluated this as High Severity 7.5 CVSS3.1. Mitigation: Upgrade to = 1.9.22.noko2. Credit: This vulnerability was reporte...

CVSS 7.5, AI score 6.8, EPSS 0.02114
Exploits 0, References 5, Affected Software 1
Tenable Nessus
added 2022/12/07 12:0 a.m., 33 views

Debian dla-3227 : ruby-rails-html-sanitizer - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3227 advisory. Debian LTS Advisory DLA-3227-1 [email protected] https://www.debian.org/lts/security/...

CVSS 6.1, AI score 6.2, EPSS 0.2914
Exploits 1, References 4
Tenable Nessus
added 2022/08/23 12:0 a.m., 148 views

SUSE SLES15: ruby2.5-rubygem-rails-html-sanitizer / etc (SUSE-SU-2022:2870-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2870-1 advisory. - CVE-2022-32209: Fixed a potential content injection under specific configurations bsc1201183. Tenable has extracted the preceding...

CVSS 6.1, AI score 6.7, EPSS 0.2914
Exploits 1, References 4
OSV
added 2022/06/24 3:15 p.m., 21 views

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XS...

CVSS 6.1, AI score 6
Exploits 0, References 5
UbuntuCve
added 2022/06/24 3:15 p.m., 31 views

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XS...

CVSS 6.1, AI score 6.5, EPSS 0.2914
Exploits 1, References 4
Prion
added 2022/06/24 3:15 p.m., 24 views

Design/Logic Flaw

Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XS...

CVSS 4.3, AI score 6.1, EPSS 0.2914
Exploits 1, References 4, Affected Software 3
Cvelist
added 2022/06/24 12:0 a.m., 45 views

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XS...

AI score 6.4, EPSS 0.2914
Exploits 1, References 4
Debian CVE
added 2022/06/24 12:0 a.m., 44 views

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XS...

CVSS 6.1, AI score 6.3, EPSS 0.2914
Exploits 1
CVE
added 2022/06/24 12:0 a.m., 179 views

CVE-2022-32209

CVE-2022-32209 affects rails-html-sanitizer: if an application overrides allowed_tags to include both 'select' and 'style', a cross-site scripting (XSS) vulnerability may be exploitable. The issue is triggered when developers configure sanitizer via Rails config, sanitize helper, or SafeListSanit...

CVSS 6.1, AI score 6, EPSS 0.2914
Exploits 1, References 5, Affected Software 1