Debian Security Update DSA-4171 ruby-loofah - security update

Thread starter LinuxBot
Start date Apr 13, 2018

LinuxBot

Member

Apr 13, 2018

The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a code injection attack into a browser consuming sanitized output.

Continue reading...

You must log in or register to reply here.

Facebook X (Twitter) Reddit Pinterest Tumblr WhatsApp Email Link

Members online

Total: 947 (members: 9, guests: 938)

Latest posts

Oracle linux
- Latest: f33dm3bits
- A moment ago
Getting Started
Why Your VPN May Not Be As Secure As It Claims
- Latest: GatorsFan
- 12 minutes ago
Linux Security
What am I doing wrong?
- Latest: GatorsFan
- 27 minutes ago
Laptops / Netbooks
Say Hello to Goodbye Mails: Temporary Disposable Email Accounts for Creating Accounts
- Latest: blunix
- Today at 2:38 PM
Mail Server
Today's article was written so that I can write another article...
- Latest: blunix
- Today at 2:09 PM
General Computing

Top