USN-4498-1

Source

https://ubuntu.com/security/notices/USN-4498-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4498-1.json

Related

CVE-2019-15587

Published

2020-09-15T19:25:01.915480Z

Modified

2020-09-15T19:25:01.915480Z

Summary

ruby-loofah vulnerability

Details

It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. (CVE-2019-15587)

References

https://ubuntu.com/security/notices/USN-4498-1
https://ubuntu.com/security/CVE-2019-15587

Affected packages

Ubuntu:16.04:LTS / ruby-loofah

Package

Name: ruby-loofah

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2.0.3-2+deb9u3build0.16.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "ruby-loofah": "2.0.3-2+deb9u3build0.16.04.1"
        }
    ]
}