Debian Security Update DSA-4171 ruby-loofah - security update

Thread starter LinuxBot
Start date Apr 13, 2018

LinuxBot

Member

Apr 13, 2018

#1

The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a code injection attack into a browser consuming sanitized output.

Continue reading...

You must log in or register to reply here.

Similar threads

Debian Security Update DSA-6180-1 ruby-rack - security update

Replies: 0

Views: 105

Mar 27, 2026

LinuxBot

Debian Security Update DSA-6286-1 evince - security update

Replies: 0

Views: 60

May 21, 2026

LinuxBot

Debian Security Update DSA-6137-1 roundcube - security update

Replies: 0

Views: 138

Feb 17, 2026

LinuxBot

Debian Security Update DSA-6279-1 redis - security update

Replies: 0

Views: 105

May 19, 2026

LinuxBot

Debian Security Update DSA-6048-1 ruby-rack - security update

Replies: 0

Views: 246

Nov 4, 2025

LinuxBot

Share:

Facebook X Bluesky LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

Follow Linux.org

Linux.org YouTube Channel

Members online

Total: 2,198 (members: 4, guests: 2,194)

Latest posts

Post a screenshot of your Desktop
- Latest: osprey
- Today at 1:47 AM
Desktop
D
Recording and transcribing a meeting to create meeting minutes
- Latest: Danbor
- Today at 1:39 AM
Linux Audio / Video
New to the whole Linux scene, have heard really great things figured I'd maybe give it a crack?
- Latest: Rocketing-warp9
- Today at 1:19 AM
Getting Started
Linux on a Mac?
- Latest: Rocketing-warp9
- Today at 12:50 AM
Laptops / Netbooks
Hellooooo
- Latest: MikeRocor
- Yesterday at 11:32 PM
Member Introductions

Top