From f00c65c8f94161b4bc0c37c39572909f4421901b Mon Sep 17 00:00:00 2001
From: Alex Ghiculescu
Date: Tue, 20 Mar 2018 09:50:25 +1000
Subject: [PATCH 1/3] https://github.com/flavorjones/loofah/issues/144
---
 gems/loofah/CVE-2018-8048.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 gems/loofah/CVE-2018-8048.yml
diff --git a/gems/loofah/CVE-2018-8048.yml b/gems/loofah/CVE-2018-8048.yml
new file mode 100644
index 0000000000..ee1fadf7e0
--- /dev/null
+++ b/gems/loofah/CVE-2018-8048.yml
@@ -0,0 +1,12 @@
+---
+gem: loofah
+osvdb: 2018-8048
+url: https://github.com/flavorjones/loofah/issues/144
+title: Loofah XSS Vulnerability
+date: 2018-03-16
+
+description: |
+ Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments.
+
+patched_versions:
+ - ">= 2.2.1"
From f186a387747880c243791c68e0c934ee09306ecd Mon Sep 17 00:00:00 2001
From: Alex Ghiculescu
Date: Tue, 20 Mar 2018 09:54:37 +1000
Subject: [PATCH 2/3] use correct param
---
 gems/loofah/CVE-2018-8048.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/gems/loofah/CVE-2018-8048.yml b/gems/loofah/CVE-2018-8048.yml
index ee1fadf7e0..a3682f3d9b 100644
--- a/gems/loofah/CVE-2018-8048.yml
+++ b/gems/loofah/CVE-2018-8048.yml
@@ -1,12 +1,10 @@
 ---
 gem: loofah
-osvdb: 2018-8048
+cve: 2018-8048
 url: https://github.com/flavorjones/loofah/issues/144
 title: Loofah XSS Vulnerability
 date: 2018-03-16
-
 description: |
 Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments.
-
 patched_versions:
 - ">= 2.2.1"
From 4bddee3f2d68d4517cbad6cd051a632d0f89c5a7 Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Mon, 19 Mar 2018 19:54:53 -0700
Subject: [PATCH 3/3] Break description after 75 chars
---
 gems/loofah/CVE-2018-8048.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
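Review bot: The advisory record created in PATCH 1/3 carries no severity field, so a consumer that ranks findings by score has nothing to sort this XSS entry on. Once a score is published for the CVE, add it as `cvss_v3: <score from the CVE record>` next to `date:`. The record also relies on `patched_versions` alone to express the affected range; if any older release line is known not to be affected, that belongs in `unaffected_versions`, otherwise the current form is fine.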
diff --git a/gems/loofah/CVE-2018-8048.yml b/gems/loofah/CVE-2018-8048.yml
index a3682f3d9b..71c9d85b8f 100644
--- a/gems/loofah/CVE-2018-8048.yml
+++ b/gems/loofah/CVE-2018-8048.yml
@@ -5,6 +5,7 @@ url: https://github.com/flavorjones/loofah/issues/144
 title: Loofah XSS Vulnerability
 date: 2018-03-16
 description: |
- Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments.
+ Loofah allows non-whitelisted attributes to be present in sanitized
+ output when input with specially-crafted HTML fragments.
 patched_versions:
 - ">= 2.2.1"
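Review bot: The rewrapped description still ends in the ungrammatical clause `when input with specially-crafted HTML fragments`, carried over unchanged from PATCH 1/3 and 2/3. Since this patch already touches the sentence, the second line could read `output when given specially crafted HTML fragments.` The description also never names the impact: only the title says XSS, so a reader triaging from the description alone does not learn that the surviving attributes are what makes sanitized output unsafe to render. Because the scalar is a literal block (`|`), the added line break becomes part of the stored description value; presumably that matches the 75-character convention the subject line refers to.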