CVE-2018-16468

Description

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Affected packages (3)

• Debian/ruby-loofahfrom 0, < 2.2.3-1
• Debian/ruby-loofahfrom 0, < 2.0.3-2+deb9u2
• RubyGems/loofahfrom 0, < 2.2.3

CVSS scores

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-16468
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-16468
• PATCHhttps://github.com/flavorjones/loofah
• WEBhttps://github.com/flavorjones/loofah/issues/154
• WEBhttps://www.debian.org/security/2019/dsa-4364