Loofah XSS Vulnerability
Published: October 22, 2019
SECURITY IDENTIFIERS
- CVE: CVE-2019-15587 (NVD)
- GHSA: GHSA-c3gv-9cxf-6f57
- Vendor Advisory: https://github.com/flavorjones/loofah/issues/171
GEM
loofah
SEVERITY
CVSS v3.x: 6.4 (Medium)
PATCHED VERSIONS
>= 2.3.1
DESCRIPTION
In the Loofah gem, through v2.3.0, unsanitized JavaScript may appear in sanitized output when a crafted SVG element is republished.
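A way to check whether a project resolves to an affected Loofah release is to read the version pinned in its `Gemfile.lock` and compare it against the patched range above. The following is an added example, not part of the advisory or of the Loofah project; the helper names (`locked_version`, `loofah_status`) are hypothetical and the lockfile content is a constructed sample.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Patched range exactly as stated in this advisory.
PATCHED = Gem::Requirement.new(">= 2.3.1")

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crass (1.0.5)
      loofah (2.3.0)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      nokogiri (1.10.4)
      rails-html-sanitizer (1.3.0)
        loofah (~> 2.3)

  PLATFORMS
    ruby
LOCK

# Return the resolved version of gem_name from Gemfile.lock text, or nil.
# Resolved gems are indented four spaces under "specs:"; their dependency
# constraints are indented six spaces and must not be mistaken for pins.
def locked_version(lock_text, gem_name)
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section ends the specs list
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([0-9][0-9A-Za-z.]*)/))
      return Gem::Version.new(m[2]) if m[1] == gem_name
    end
  end
  nil
end

# Classify the lockfile as :vulnerable, :patched or :not_present.
def loofah_status(lock_text)
  version = locked_version(lock_text, "loofah")
  return :not_present if version.nil?
  PATCHED.satisfied_by?(version) ? :patched : :vulnerable
end

puts "loofah: #{loofah_status(SAMPLE_LOCK)}" if __FILE__ == $PROGRAM_NAME
```

Loofah is often pulled in transitively (for example through an HTML sanitizer dependency), so the lockfile rather than the Gemfile is the place to check.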
