Published: 14/12/2022 Updated: 13/09/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
loofah project loofah

Synopsis Important: Satellite 613 Release Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Satellite 613 The release contains anew version of Satellite and important security fixes ...

Description This CVE is under investigation by Red Hat Product Security ...

CWE-1333 https://hackerone.com/reports/1684163 https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html https://access.redhat.com/errata/RHSA-2023:2097 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2022-23514

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-23514

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect