Sha256: 20142dc561453a984fe578c430ac85813d2be5cb40b7ca07b61f9c8655f75cab

Contents?: true

Size: 392 Bytes

Versions: 3

Compression:

Stored size: 392 Bytes

Contents

---
gem: loofah
cve: 2018-16468
url: https://github.com/flavorjones/loofah/issues/154
title: Loofah XSS Vulnerability
date: 2018-10-30
description: |
  In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in
  sanitized output when a crafted SVG element is republished.

cvss_v3: 6.4
patched_versions:
  - ">=  2.2.3"
related:
  url:
    - https://hackerone.com/reports/429267

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/loofah/CVE-2018-16468.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/loofah/CVE-2018-16468.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/loofah/CVE-2018-16468.yml