Candidate: CVE-2018-8048
PublicDate: 2018-03-27 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
 https://github.com/flavorjones/loofah/issues/144
 https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7
Description:
 In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes
 may occur in sanitized output by republishing a crafted HTML fragment.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_ruby-loofah:
upstream_ruby-loofah: released (2.2.1-1)
precise/esm_ruby-loofah: DNE
trusty_ruby-loofah: DNE
trusty/esm_ruby-loofah: DNE
xenial_ruby-loofah: not-affected (2.0.3-2+deb9u1)
artful_ruby-loofah: ignored (reached end-of-life)
bionic_ruby-loofah: not-affected (2.2.1-1)
cosmic_ruby-loofah: ignored (reached end-of-life)
disco_ruby-loofah: not-affected (2.2.1-1)
devel_ruby-loofah: not-affected (2.2.1-1)