| Release | Version |
|---|---|
| buster | 2.2.3-1+deb10u1 |
| bullseye | 2.7.0+dfsg-1 |
| bookworm | 2.19.1-1 |
| sid | 2.19.1-1 |
| Bug | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|
| CVE-2022-23516 | vulnerable (no DSA) | vulnerable | fixed | fixed | Loofah is a general library for manipulating and transforming HTML/XML ... |
| CVE-2022-23515 | vulnerable | vulnerable | fixed | fixed | Loofah is a general library for manipulating and transforming HTML/XML ... |
| CVE-2022-23514 | vulnerable (no DSA) | vulnerable | fixed | fixed | Loofah is a general library for manipulating and transforming HTML/XML ... |
| Bug | Description |
|---|---|
| CVE-2019-15587 | In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ... |
| CVE-2018-16468 | In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ... |
| CVE-2018-8048 | In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attribu ... |
| DSA / DLA | Description |
|---|---|
| DSA-4554-1 | ruby-loofah - security update |
| DSA-4364-1 | ruby-loofah - security update |
| DSA-4171-1 | ruby-loofah - security update |