CVE-2022-23515

CVSS V2 None CVSS V3 None

Description

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.

Overview

CVE ID
CVE-2022-23515

Assigner
security-advisories@github.com

Vulnerability Status
Analyzed

Published Version
2022-12-14T14:15:10

Last Modified Date
2022-12-19T17:12:34

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:loofah_project:loofah::::::ruby::*	1	OR	2.1.0	2.19.1

References

Reference URL	Reference Tags
https://github.com/flavorjones/loofah/issues/101
https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
https://hackerone.com/reports/1694173

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-23515
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23515

History

Created	Old Value	New Value	Data Type	Notes
2022-12-14 15:14:24				Added to TrackCVE
2022-12-14 16:16:06	2022-12-14T14:15:10.553	2022-12-14T14:15:10	CVE Published Date	updated
2022-12-14 16:16:06		2022-12-14T15:20:31	CVE Modified Date	updated
2022-12-14 16:16:06	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-18 04:35:29	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-19 17:13:29		2022-12-19T17:12:34	CVE Modified Date	updated
2022-12-19 17:13:29	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-19 17:13:32			CPE Information	updated