Loofah XSS Vulnerability
Published: October 30, 2018
SECURITY IDENTIFIERS
- CVE: CVE-2018-16468 (NVD)
- GHSA: GHSA-g4xq-jx4w-4cjv
- Vendor Advisory: https://github.com/flavorjones/loofah/issues/154
GEM
loofah
SEVERITY
CVSS v3.x: 6.4 (Medium)
PATCHED VERSIONS
>= 2.2.3
DESCRIPTION
In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
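
To check a project against the patched-version boundary above, the following added example (not part of the advisory or of Loofah itself) reads Gemfile.lock text and reports whether the resolved loofah version is below 2.2.3. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# First patched release, taken from the advisory's PATCHED VERSIONS field.
LOOFAH_PATCHED = Gem::Version.new("2.2.3")

# Returns the loofah version resolved in Gemfile.lock text, or nil if absent.
# Resolved gems sit in a "specs:" block indented by exactly four spaces.
# Six-space lines are dependency constraints (e.g. "loofah (~> 2.2)") and
# must not be mistaken for the resolved version.
def locked_loofah_version(lockfile_text)
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # new top-level section (PLATFORMS, DEPENDENCIES, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}loofah \(([^)\s]+)\)\z/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# Gem::Version compares segments numerically, so 2.10.0 ranks above 2.2.3
# (a plain string comparison would get that wrong).
def loofah_status(lockfile_text)
  version = locked_loofah_version(lockfile_text)
  return :not_present if version.nil?
  version >= LOOFAH_PATCHED ? :patched : :vulnerable
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crass (1.0.4)
      loofah (2.2.2)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      rails-html-sanitizer (1.0.4)
        loofah (~> 2.2, >= 2.2.2)

  DEPENDENCIES
    rails-html-sanitizer
LOCK

puts "loofah: #{loofah_status(SAMPLE_LOCK)}"
```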
