Medium severity6.1NVD Advisory· Published Mar 27, 2018· Updated Jun 17, 2026
CVE-2018-8048
CVE-2018-8048
Description
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
loofahRubyGems | < 2.2.1 | 2.2.1 |
nokogiriRubyGems | < 1.8.3 | 1.8.3 |
Affected products
10- ghsa-coords10 versionspkg:gem/loofahpkg:gem/nokogiripkg:rpm/opensuse/ruby3.2-rubygem-loofah&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-loofah&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/suse/rubygem-loofah&distro=SUSE%20Enterprise%20Storage%204pkg:rpm/suse/rubygem-loofah&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-loofah&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-loofah&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 2.2.1+ 9 more
- (no CPE)range: < 2.2.1
- (no CPE)range: < 1.8.3
- (no CPE)range: < 2.19.1-1.2
- (no CPE)range: < 1.13.9-1.7
- (no CPE)range: < 2.14.0-1.1
- (no CPE)range: < 1.13.3-1.1
- (no CPE)range: < 2.0.2-3.5.1
- (no CPE)range: < 2.0.2-3.5.1
- (no CPE)range: < 2.0.2-3.5.1
- (no CPE)range: < 2.0.2-3.8.1
Patches
Vulnerability mechanics
References
11- www.openwall.com/lists/oss-security/2018/03/19/5nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-x7rv-cr6v-4vm4ghsaADVISORY
- github.com/flavorjones/loofah/issues/144nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-8048ghsaADVISORY
- www.debian.org/security/2018/dsa-4171nvdThird Party AdvisoryWEB
- github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.ymlghsaWEB
- github.com/sparklemotion/nokogiri/pull/1746ghsaWEB
- security.netapp.com/advisory/ntap-20191122-0003ghsaWEB
- security.netapp.com/advisory/ntap-20191122-0003/nvd
News mentions
0No linked articles in our index yet.