Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

Back

---
gem: loofah
date: 2019-10-22
url: https://github.com/flavorjones/loofah/issues/171
cve: 2019-15587
title: Loofah XSS Vulnerability
description: |
  In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in
  sanitized output when a crafted SVG element is republished.
cvss_v3: '6.4'
patched_versions:
- ">= 2.3.1"