Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
References
Link | Resource |
---|---|
https://github.com/flavorjones/loofah/issues/101 | Issue Tracking Third Party Advisory |
https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx | Third Party Advisory |
https://hackerone.com/reports/1694173 | Permissions Required Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html | Mailing List Third Party Advisory |
Configurations
History
01 Feb 2024, 16:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References |
|
19 Dec 2022, 17:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-14 14:15
Updated : 2024-02-04 23:14
NVD link : CVE-2022-23515
Mitre link : CVE-2022-23515
CVE.ORG link : CVE-2022-23515
JSON object : View
Products Affected
debian
- debian_linux
loofah_project
- loofah
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')