Moderate severityNVD Advisory· Published Oct 30, 2018· Updated Aug 5, 2024
CVE-2018-16468
CVE-2018-16468
Description
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
loofahRubyGems | < 2.2.3 | 2.2.3 |
Affected products
9- ghsa-coords9 versionspkg:gem/loofahpkg:rpm/opensuse/rmt-server&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2-rubygem-loofah&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-loofah&distro=openSUSE%20Tumbleweedpkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/rubygem-loofah&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/rubygem-loofah&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/rubygem-loofah&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-loofah&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 2.2.3+ 8 more
- (no CPE)range: < 2.2.3
- (no CPE)range: < 2.6.13-1.1
- (no CPE)range: < 2.19.1-1.2
- (no CPE)range: < 2.14.0-1.1
- (no CPE)range: < 1.1.1-3.13.1
- (no CPE)range: < 2.0.2-3.5.1
- (no CPE)range: < 2.2.2-4.3.1
- (no CPE)range: < 2.0.2-3.5.1
- (no CPE)range: < 2.0.2-3.5.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-g4xq-jx4w-4cjvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-16468ghsaADVISORY
- www.debian.org/security/2019/dsa-4364ghsavendor-advisoryx_refsource_DEBIANWEB
- github.com/flavorjones/loofah/issues/154ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.