oval:org.secpod.oval:def:603363 ruby-loofah is installed

oval:org.secpod.oval:def:53302 The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a cod ...

oval:org.secpod.oval:def:603361 The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a cod ...

oval:org.secpod.oval:def:53487 It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.

oval:org.secpod.oval:def:1901445 In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

oval:org.secpod.oval:def:603601 It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements.

oval:org.secpod.oval:def:69773 It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, was susceptible to cross-site scripting.

oval:org.secpod.oval:def:705615 ruby-loofah: manipulation and transformation of HTML/XML documents and fragments. Loofah could be made to perform XSS attacks if a crafted SVG element is republished.