Add CVE-2018-16468 for loofah (#363)

* Add CVE-2018-16468 for loofah
rubysec · Oct 30, 2018 · 3ed9bf6 · 3ed9bf6
1 parent b248010
commit 3ed9bf6
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/gems/loofah/CVE-2018-16468.yaml b/gems/loofah/CVE-2018-16468.yaml
@@ -0,0 +1,16 @@
+---
+gem: loofah
+cve: 2018-16468
+url: https://github.com/flavorjones/loofah/issues/154
+title: Loofah XSS Vulnerability
+date: 2018-10-30
+description: |
+  In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in
+  sanitized output when a crafted SVG element is republished.
+
+cvss_v3: 6.4
+patched_versions:
+  - ">=  2.2.3"
+related:
+  url:
+    - https://hackerone.com/reports/429267