Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-3565-1 ruby-loofah security update
Debian DLA Debian DLA DLA-3901-1 ruby-loofah security update
EUVD EUVD EUVD-2022-7500 Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.
Github GHSA Github GHSA GHSA-486f-hjj9-9vhh Inefficient Regular Expression Complexity in Loofah
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 21 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-04-21T14:50:27.172Z

Reserved: 2022-01-19T21:23:53.777Z

Link: CVE-2022-23514

cve-icon Vulnrichment

Updated: 2024-08-03T03:43:46.112Z

cve-icon NVD

Status : Modified

Published: 2022-12-14T14:15:10.477

Modified: 2024-11-21T06:48:43.410

Link: CVE-2022-23514

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-12-13T00:00:00Z

Links: CVE-2022-23514 - Bugzilla

cve-icon OpenCVE Enrichment

No data.