CVE-2019-15587

Published: 22 October 2019

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Priority

Medium

CVSS 3 base score: 5.4

Status

Package Release Status
ruby-loofah
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.3.1+dfsg-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2.3.1+dfsg-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.3.1+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.0.3-2+deb9u3build0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist