漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Inefficient Regular Expression Complexity in Loofah
Vulnerability Description
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1333
Vulnerability Title
Loofah gem for Ruby 安全漏洞
Vulnerability Description
Loofah gem for Ruby是一款基于Ruby的、用于处理和转换HTML/XML文档的库。 Loofah gem for Ruby 2.19.1之前版本存在安全漏洞,该漏洞源于包含一个低效的正则表达式,在尝试清理某些 SVG 属性时容易受到过度回溯的影响, 这可能会因 CPU 资源消耗而导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A