Loofah Cross-site Scripting vulnerability

GHSA-g4xq-jx4w-4cjv · CVE-2018-16468

Published Nov 1, 2018 · Modified Nov 8, 2023

Description

In the Loofah gem for Ruby, through version 2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Users are advised to upgrade to version 2.2.3.

See https://github.com/flavorjones/loofah/issues/154 for more details.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-16468
WEB https://github.com/flavorjones/loofah/issues/154
PACKAGE https://github.com/flavorjones/loofah
WEB https://www.debian.org/security/2019/dsa-4364

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes