This issue has been created for public disclosure of an XSS vulnerability that was responsibly reported by https://hackerone.com/vxhex

I'd like to thank HackerOne for providing a secure, responsible mechanism for reporting, and for providing their fantastic service to the Loofah maintainers.

Severity
Loofah maintainers have evaluated this as Medium (CVSS3 6.4).

Description
In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Affected Versions
Loofah <= v2.3.0

Mitigation
Upgrade to Loofah v2.3.1 or later.

dev-ruby/loofah 2.3.1 has been added.
amd64 stable. Maintainer(s), please cleanup.
Cleanup done.
GLSA Vote: No! Repository is clean, all done.