This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Loofah Project First view 2018-03-27
Product Loofah Last view 2019-10-22
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software ruby  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:loofah_project:loofah

Activity : Overall

Related : CVE

  Date Alert Description
5.4 2019-10-22 CVE-2019-15587

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

5.4 2018-10-30 CVE-2018-16468

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

6.1 2018-03-27 CVE-2018-8048

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

CWE : Common Weakness Enumeration

%idName
100% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Nessus® Vulnerability Scanner

id Description
2019-01-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4364.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d5fcbb9ca6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d716df9942.nasl - Type: ACT_GATHER_INFO
2018-11-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4ce40afcb6.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_36a2a89e7ee14ea4ae227ca38019c8d0.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4171.nasl - Type: ACT_GATHER_INFO
2018-03-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_81946ace69614488a16422d58ebc8d66.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_ba6d0c9bf5f64b9ba6de3cce93c83220.nasl - Type: ACT_GATHER_INFO