From a327d8e4651ce8435b32554be1b7d53ca055555f Mon Sep 17 00:00:00 2001
From: Alex Ghiculescu
Date: Tue, 20 Mar 2018 12:55:34 +1000
Subject: [PATCH] CVE-2018-8048 - Loofah XSS Vulnerability (#332)

* https://github.com/flavorjones/loofah/issues/144
---
gems/loofah/CVE-2018-8048.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 gems/loofah/CVE-2018-8048.yml

diff --git a/gems/loofah/CVE-2018-8048.yml b/gems/loofah/CVE-2018-8048.yml
new file mode 100644
index 0000000000..71c9d85b8f
--- /dev/null
+++ b/gems/loofah/CVE-2018-8048.yml
@@ -0,0 +1,11 @@
+---
+gem: loofah
+cve: 2018-8048
+url: https://github.com/flavorjones/loofah/issues/144
+title: Loofah XSS Vulnerability
+date: 2018-03-16
+description: |
+ Loofah allows non-whitelisted attributes to be present in sanitized
+ output when input with specially-crafted HTML fragments.
+patched_versions:
+ - ">= 2.2.1"
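Review bot: The `description` block never states the impact, which appears only in `title`, and its second line is ungrammatical ("when input with specially-crafted HTML fragments"), so anyone who sees only the description in audit output cannot tell this is a cross-site scripting issue. Suggested wording for the two body lines: `Loofah allows non-whitelisted attributes to be present in sanitized output` and `when given specially crafted HTML fragments, which can lead to XSS.` With only `patched_versions: ">= 2.2.1"` and no `unaffected_versions` key, every release below 2.2.1 will presumably be reported as vulnerable. Confirm against the linked upstream issue that this range is intended.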