From 7fe9ca136fc507c8061f1f50d5ff2ddb1d42c770 Mon Sep 17 00:00:00 2001
From: Grey Baker <greysteil@gmail.com>
Date: Tue, 30 Oct 2018 13:19:02 +0000
Subject: [PATCH 1/2] Add CVE-2018-16468

---
 gems/loofah/CVE-2018-16468.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 gems/loofah/CVE-2018-16468.yaml

diff --git a/gems/loofah/CVE-2018-16468.yaml b/gems/loofah/CVE-2018-16468.yaml
new file mode 100644
index 0000000000..6aa23c6237
--- /dev/null
+++ b/gems/loofah/CVE-2018-16468.yaml
@@ -0,0 +1,11 @@
+---
+gem: loofah
+cve: 2018-16468
+url: https://github.com/flavorjones/loofah/issues/154
+title: Loofah XSS Vulnerability
+date: 2018-10-30
+description: |
+  In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in
+  sanitized output when a crafted SVG element is republished.
+patched_versions:
+  - ">=  2.2.3"

From 560b2b20616d05b85ee7a453362df891f54f719f Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Tue, 30 Oct 2018 08:32:26 -0700
Subject: [PATCH 2/2] Update CVE-2018-16468.yaml

Minor updates
---
 gems/loofah/CVE-2018-16468.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gems/loofah/CVE-2018-16468.yaml b/gems/loofah/CVE-2018-16468.yaml
index 6aa23c6237..94c7d82b1a 100644
--- a/gems/loofah/CVE-2018-16468.yaml
+++ b/gems/loofah/CVE-2018-16468.yaml
@@ -7,5 +7,10 @@ date: 2018-10-30
 description: |
   In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in
   sanitized output when a crafted SVG element is republished.
+
+cvss_v3: 6.4
 patched_versions:
   - ">=  2.2.3"
+related:
+  url:
+    - https://hackerone.com/reports/429267