Mechanize · Mechanize · CVE-2022-31033
**Name of the Vulnerable Software and Affected Versions**
Mechanize versions prior to 2.8.5
**Description**
Mechanize is a library for automating interaction with websites: it automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5, the Authorization header is leaked after a redirect to a different port on the same site.
**Recommendations**
Upgrade to Mechanize v2.8.5 or later to resolve the issue. As a temporary workaround until a patch is applied, consider restricting access to sensitive information that could be exposed through the leaked Authorization header.
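The redirect behaviour in the description comes down to how a client decides that a redirect target is "the same site". The Ruby sketch below is an added example, not Mechanize's code or its patch: it compares scheme, host and port before carrying the Authorization header across a redirect, next to a host-only comparison that misses a port change. All function names, URLs and the token are hypothetical or constructed.

```ruby
require "uri"

# Added illustration; not Mechanize source code. All names are hypothetical.
CREDENTIAL_HEADERS = %w[authorization].freeze

# An origin is scheme + host + effective port (URI fills in 80/443 defaults).
def origin_of(url)
  uri = URI.parse(url)
  [uri.scheme.to_s.downcase, uri.host.to_s.downcase, uri.port]
end

def same_origin?(from_url, to_url)
  origin_of(from_url) == origin_of(to_url)
end

# Constructed weak check: comparing hosts only, so a redirect to another
# port on the same host is still treated as trusted.
def same_host?(from_url, to_url)
  origin_of(from_url)[1] == origin_of(to_url)[1]
end

# Returns the headers that are safe to send to the redirect target.
# `location` may be relative, so resolve it against the current URL first.
def headers_for_redirect(headers, from_url, location)
  target = URI.join(from_url, location).to_s
  return headers.dup if same_origin?(from_url, target)
  headers.reject { |name, _| CREDENTIAL_HEADERS.include?(name.downcase) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request headers and redirect targets.
  sent = { "Authorization" => "Bearer constructed-sample-token", "Accept" => "text/html" }
  from = "https://app.example.test/login"
  ["/home", "https://app.example.test:443/home",
   "https://app.example.test:8443/home", "http://app.example.test/home"].each do |loc|
    kept = headers_for_redirect(sent, from, loc).key?("Authorization")
    puts format("%-40s Authorization %s", loc, kept ? "kept" : "dropped")
  end
end
```

The same comparison can be used when reviewing wrapper code that sets the Authorization header manually and then follows redirects itself.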