CVE-2022-23514
Inefficient Regular Expression Complexity in Loofah
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.
Loofah es una librería general para manipular y transformar documentos y fragmentos HTML / XML, construida sobre Nokogiri. Loofah < 2.19.1 contiene una expresión regular ineficiente que es susceptible a un retroceso excesivo al intentar sanitizar ciertos atributos SVG. Esto puede provocar una denegación de servicio a través del consumo de recursos de CPU. Este problema está parcheado en la versión 2.19.1.
An inefficient regular expression vulnerability was found in rubygem loofah. While sanitizing certain SVG attributes, loofah is susceptible to excessive backtracking, which can result in a denial of service through CPU resource consumption.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-19 CVE Reserved
- 2022-12-14 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1333: Inefficient Regular Expression Complexity
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-23514 | 2023-05-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2153234 | 2023-05-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Loofah Project Search vendor "Loofah Project" | Loofah Search vendor "Loofah Project" for product "Loofah" | < 2.19.1 Search vendor "Loofah Project" for product "Loofah" and version " < 2.19.1" | ruby |
Affected
|