---
gem: loofah
cve: 2018-8048
url: https://github.com/flavorjones/loofah/issues/144
title: Loofah XSS Vulnerability
date: 2018-03-16
description: |
  Loofah allows non-whitelisted attributes to be present in sanitized
  output when input with specially-crafted HTML fragments.
patched_versions:
  - ">=  2.2.1"