CVE-2022-23514.yml
---
gem: loofah
cve: 2022-23514
ghsa: 486f-hjj9-9vhh
url: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
title: "Inefficient Regular Expression Complexity in Loofah"
date: 2022-12-13
description: |
  ## Summary
  Loofah `< 2.19.1` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.
  ## Mitigation
  Upgrade to Loofah `>= 2.19.1`.
cvss_v3: 7.5
patched_versions:
- ">= 2.19.1"
related:
  url:
    - https://cwe.mitre.org/data/definitions/1333.html
    - https://hackerone.com/reports/1684163