From f00c65c8f94161b4bc0c37c39572909f4421901b Mon Sep 17 00:00:00 2001
From: Alex Ghiculescu <alex@tanda.co>
Date: Tue, 20 Mar 2018 09:50:25 +1000
Subject: [PATCH] https://github.com/flavorjones/loofah/issues/144

---
 gems/loofah/CVE-2018-8048.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 gems/loofah/CVE-2018-8048.yml

diff --git a/gems/loofah/CVE-2018-8048.yml b/gems/loofah/CVE-2018-8048.yml
new file mode 100644
index 0000000000..ee1fadf7e0
--- /dev/null
+++ b/gems/loofah/CVE-2018-8048.yml
@@ -0,0 +1,12 @@
+---
+gem: loofah
+osvdb: 2018-8048
+url: https://github.com/flavorjones/loofah/issues/144
+title: Loofah XSS Vulnerability
+date: 2018-03-16
+
+description: |
+  Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments.
+
+patched_versions:
+  - ">=  2.2.1"