From 78da371af941a8a57f4dcec0108f55fc1995d2b5 Mon Sep 17 00:00:00 2001
From: Nick Muerdter <12112+GUI@users.noreply.github.com>
Date: Tue, 22 Oct 2019 10:15:47 -0600
Subject: [PATCH 1/2] Add CVE-2019-15587 for Loofah

---
 gems/loofah/CVE-2019-15587.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 gems/loofah/CVE-2019-15587.yml

diff --git a/gems/loofah/CVE-2019-15587.yml b/gems/loofah/CVE-2019-15587.yml
new file mode 100644
index 0000000000..7bc24b057b
--- /dev/null
+++ b/gems/loofah/CVE-2019-15587.yml
@@ -0,0 +1,13 @@
+---
+gem: loofah
+cve: 2019-15587
+url: https://github.com/flavorjones/loofah/issues/171
+title: Loofah XSS Vulnerability
+date: 2019-10-22
+description: |
+ In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in
+ sanitized output when a crafted SVG element is republished.
+
+cvss_v3: 6.4
+patched_versions:
+ - ">= 2.3.1"

From 9edc5444b32f6a2c333ed5eb355121854ac2a917 Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Wed, 23 Oct 2019 19:46:32 -0700
Subject: [PATCH 2/2] Update CVE-2019-15587.yml

---
 gems/loofah/CVE-2019-15587.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gems/loofah/CVE-2019-15587.yml b/gems/loofah/CVE-2019-15587.yml
index 7bc24b057b..e0226ad786 100644
--- a/gems/loofah/CVE-2019-15587.yml
+++ b/gems/loofah/CVE-2019-15587.yml
@@ -10,4 +10,4 @@ description: |
 cvss_v3: 6.4
 patched_versions:
- - ">= 2.3.1"
+ - ">= 2.3.1"
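Review bot: The new advisory marks every Loofah release below 2.3.1 as affected, because `patched_versions` carries the single entry `">= 2.3.1"` and no `unaffected_versions` is given; that agrees with the description's "through v2.3.0", but the lower bound should be confirmed against the fix referenced by the linked issue, since an over-wide range produces false positives for everyone running bundler-audit and an under-wide one silently misses vulnerable apps. The only reference is `url: https://github.com/flavorjones/loofah/issues/171`, a tracking issue rather than a stable advisory; if this database's schema supports a `related:` block (it appears to, confirm), adding the NVD entry for CVE-2019-15587 and the fixing commit or release notes would give reviewers a durable source for the affected-version claim. The plain scalars `date: 2019-10-22` and `cvss_v3: 6.4` will be typed by YAML as a Date and a Float rather than strings, which is presumably what the consuming test suite expects; if it instead compares strings, they need quoting. The trailing `+` blank line inside the `description: |` literal block is harmless (clip chomping drops it) but is not needed.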