RubySec

Providing security resources for the Ruby community

CVE-2018-16468 (loofah): Loofah XSS Vulnerability

ADVISORIES

GEM

loofah

SEVERITY

CVSS v3.x: 6.4 (Medium)

PATCHED VERSIONS

  • >= 2.2.3

DESCRIPTION

In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories