What the vulnerability does

01 Description

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Key dates

02 Disclosure timeline

October 30, 2018: CVE published
August 5, 2024: Record updated

Related vulnerabilities

04 Related CVE