Affected versions
>= 2.1.0, < 2.19.1
Summary
Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs.
Mitigation
Upgrade to Loofah >= 2.19.1.
Severity
The Loofah maintainers have evaluated this as Medium Severity 6.1.
References
Credit
This vulnerability was responsibly reported by Maciej Piechota (@haqpl).
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.
Summary
Loofah
>= 2.1.0, < 2.19.1is vulnerable to cross-site scripting via theimage/svg+xmlmedia type in data URIs.Mitigation
Upgrade to Loofah
>= 2.19.1.Severity
The Loofah maintainers have evaluated this as Medium Severity 6.1.
References
Credit
This vulnerability was responsibly reported by Maciej Piechota (@haqpl).