Lucene search

HackeroneCVELIST:CVE-2018-16468

HistoryOct 30, 2018 - 9:00 p.m.

CVE-2018-16468

2018-10-3021:00:00

CWE-79

hackerone

www.cve.org

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

CNA Affected

[
  {
    "product": "Loofah (Ruby Gem)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v2.2.3"
      }
    ]
  }
]

References

github.com/flavorjones/loofah/issues/154

www.debian.org/security/2019/dsa-4364