We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs.
>= 2.1.0, < 2.19.1
image/svg+xml
Upgrade to Loofah >= 2.19.1.
>= 2.19.1
The Loofah maintainers have evaluated this as Medium Severity 6.1.
This vulnerability was responsibly reported by Maciej Piechota (@haqpl).
Summary
Loofah
>= 2.1.0, < 2.19.1is vulnerable to cross-site scripting via theimage/svg+xmlmedia type in data URIs.Mitigation
Upgrade to Loofah
>= 2.19.1.Severity
The Loofah maintainers have evaluated this as Medium Severity 6.1.
References
Credit
This vulnerability was responsibly reported by Maciej Piechota (@haqpl).