Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
patchinfo.30520
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.30520
<patchinfo incident="30520"> <issue tracker="cve" id="2022-23520"/> <issue tracker="cve" id="2022-23517"/> <issue tracker="cve" id="2022-23519"/> <issue tracker="cve" id="2022-23518"/> <issue tracker="bnc" id="1206434">VUL-0: CVE-2022-23518: rubygem-rails-html-sanitizer: XSS via data URIs when used in combination with Loofah >= 2.1.0</issue> <issue tracker="bnc" id="1206436">VUL-0: CVE-2022-23520: rubygem-rails-html-sanitizer: XSS vulnerability with certain configurations of Rails::Html::Sanitizer</issue> <issue tracker="bnc" id="1206433">VUL-0: CVE-2022-23517: rubygem-rails-html-sanitizer: inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes</issue> <issue tracker="bnc" id="1206435">VUL-0: CVE-2022-23519: rubygem-rails-html-sanitizer: XSS vulnerability with certain configurations of Rails::Html::Sanitizer</issue> <packager>pperego</packager> <rating>important</rating> <category>security</category> <summary>Security update for rubygem-rails-html-sanitizer</summary> <description>This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. (bsc#1206433) - CVE-2022-23518: Fixed XSS via data URIs when used in combination with Loofah. (bsc#1206434) - CVE-2022-23519: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer. (bsc#1206435) - CVE-2022-23520: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer. (bsc#1206436) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
