Add CVE-2019-15587 for Loofah (#420)

rubysec · Oct 24, 2019 · 75e23ae · 75e23ae
1 parent d074fb8
commit 75e23ae
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/gems/loofah/CVE-2019-15587.yml b/gems/loofah/CVE-2019-15587.yml
@@ -0,0 +1,13 @@
+---
+gem: loofah
+cve: 2019-15587
+url: https://github.com/flavorjones/loofah/issues/171
+title: Loofah XSS Vulnerability
+date: 2019-10-22
+description: |
+  In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in
+  sanitized output when a crafted SVG element is republished.
+
+cvss_v3: 6.4
+patched_versions:
+  - ">= 2.3.1"