Candidate: CVE-2018-16468
PublicDate: 2018-10-30 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16468
 https://github.com/flavorjones/loofah/issues/154
Description:
 In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may
 occur in sanitized output when a crafted SVG element is republished.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [5.4 MEDIUM]

Patches_ruby-loofah:
upstream_ruby-loofah: released (2.0.3-2+deb9u2, 2.2.3-1)
precise/esm_ruby-loofah: DNE
trusty_ruby-loofah: DNE
trusty/esm_ruby-loofah: DNE
xenial_ruby-loofah: released (2.0.3-2+deb9u2build0.16.04.1)
bionic_ruby-loofah: needed
cosmic_ruby-loofah: ignored (reached end-of-life)
disco_ruby-loofah: not-affected (2.2.3-1)
eoan_ruby-loofah: not-affected (2.2.3-1)
focal_ruby-loofah: not-affected (2.2.3-1)
groovy_ruby-loofah: not-affected (2.2.3-1)
hirsute_ruby-loofah: not-affected (2.2.3-1)
impish_ruby-loofah: not-affected (2.2.3-1)
jammy_ruby-loofah: not-affected (2.2.3-1)
devel_ruby-loofah: not-affected (2.2.3-1)