Cross-Site Scripting Vulnerability in Loofah Gem for Ruby
CVE-2018-8048

6.1MEDIUM

Key Information:

Vendor

Debian
Status
Debian Linux
Vendor
CVE Published:
27 March 2018

What is CVE-2018-8048?

The Loofah gem, used in Ruby applications for HTML sanitization, allows non-whitelisted HTML attributes to appear in the sanitized output. This vulnerability arises from the improper handling of crafted HTML fragments, which could potentially be exploited to execute malicious scripts in a user's browser, leading to cross-site scripting (XSS) attacks. Developers using affected versions must assess their applications for this issue and apply the necessary updates to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/flavorjones/loofah/issues/144
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2018/03/19/5
mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4171
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.