From 383cc388904bf7bd29200fe82e89f9010ff94f19 Mon Sep 17 00:00:00 2001 From: Denis Talakevich Date: Sun, 27 Oct 2019 20:32:13 +0200 Subject: [PATCH] loofah vulnerability CVE-2019-15587 Name: loofah Version: 2.2.3 Advisory: CVE-2019-15587 Criticality: Unknown URL: https://github.com/flavorjones/loofah/issues/171 Title: Loofah XSS Vulnerability Solution: upgrade to >= 2.3.1 --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index b09502d6c..acf577702 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -228,7 +228,7 @@ GEM concurrent-ruby (1.1.4) crack (0.4.3) safe_yaml (~> 1.0.0) - crass (1.0.4) + crass (1.0.5) d3-rails (3.5.2) railties (>= 3.1) daemons (1.2.6) @@ -321,7 +321,7 @@ GEM addressable (~> 2.3) libv8 (3.16.14.19) locale (2.1.2) - loofah (2.2.3) + loofah (2.3.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1)