Sha256: 748d154b46ee00bdff3e7c88f691d2b6205ad5443df7165bf8a82fb2faf9582f

Size: 703 Bytes

Versions: 3

Stored size: 703 Bytes

Contents

---
gem: rails-html-sanitizer
cve: 2018-3741
date: 2018-03-22
url: https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ
title: XSS vulnerability in rails-html-sanitizer
description: |
  There is a possible XSS vulnerability in rails-html-sanitizer.  The gem allows
  non-whitelisted attributes to be present in sanitized output when given input
  containing specially-crafted HTML fragments, and these attributes can lead to an
  XSS attack on target applications.

  This issue is similar to CVE-2018-8048 in Loofah.
patched_versions:
  - ">= 1.0.4"
related:
  cve:
    - 2018-8048
  url:
    - https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2018-3741.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2018-3741.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2018-3741.yml