CVE-2018-8048 - Loofah XSS Vulnerability (#332)

* flavorjones/loofah#144
rubysec · Mar 20, 2018 · a327d8e · a327d8e
1 parent 3f5830b
commit a327d8e
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/gems/loofah/CVE-2018-8048.yml b/gems/loofah/CVE-2018-8048.yml
@@ -0,0 +1,11 @@
+---
+gem: loofah
+cve: 2018-8048
+url: https://github.com/flavorjones/loofah/issues/144
+title: Loofah XSS Vulnerability
+date: 2018-03-16
+description: |
+  Loofah allows non-whitelisted attributes to be present in sanitized
+  output when input with specially-crafted HTML fragments.
+patched_versions:
+  - ">=  2.2.1"