Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

---
gem: loofah
date: 2018-03-16
url: https://github.com/flavorjones/loofah/issues/144
cve: 2018-8048
title: Loofah XSS Vulnerability
description: |
  Loofah allows non-whitelisted attributes to be present in sanitized
  output when the input contains specially crafted HTML fragments.
patched_versions:
- ">= 2.2.1"