rubygem-loofah (SUSE:Linux Enterprise High Availability Extension 15 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Availability Extension 15 SP3 package rubygem-loofah, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2022-23514 — CVSS 7.5 (high): Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1…
CVE-2022-23516 — CVSS 7.5 (high): Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0…
CVE-2022-23515 — CVSS 6.1 (medium): Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0…
CVE-2019-15587 — CVSS 5.4 (medium): In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.