https://github.com/flavorjones/loofah/issues/144

ghiculescu · Mar 19, 2018 · f00c65c · f00c65c
1 parent 3f5830b
commit f00c65c
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/gems/loofah/CVE-2018-8048.yml b/gems/loofah/CVE-2018-8048.yml
@@ -0,0 +1,12 @@
+---
+gem: loofah
+osvdb: 2018-8048
+url: https://github.com/flavorjones/loofah/issues/144
+title: Loofah XSS Vulnerability
+date: 2018-03-16
+
+description: |
+  Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments.
+
+patched_versions:
+  - ">=  2.2.1"