VulnerableCode Package Details - pkg:rpm/redhat/tfm-rubygem-loofah@2.19.1-1?arch=el8sat

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/tfm-rubygem-loofah@2.19.1-1?arch=el8sat

purl	pkg:rpm/redhat/tfm-rubygem-loofah@2.19.1-1?arch=el8sat

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-6qdt-my8d-rkd5 Aliases: CVE-2022-23516 GHSA-3x8r-x6xp-q4vm GMS-2022-8288	Uncontrolled Recursion in Loofah ## Summary Loofah `>= 2.2.0, < 2.19.1` uses recursion for sanitizing `CDATA` sections, making it susceptible to stack exhaustion and raising a `SystemStackError` exception. This may lead to a denial of service through CPU resource consumption. ## Mitigation Upgrade to Loofah `>= 2.19.1`. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized. ## Severity The Loofah maintainers have evaluated this as [High Severity 7.5 (CVSS3.1)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ## References - [CWE - CWE-674: Uncontrolled Recursion (4.9)](https://cwe.mitre.org/data/definitions/674.html)	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:56:02.089281+00:00	RedHat Importer	Affected by	VCID-6qdt-my8d-rkd5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23516.json	38.0.0