CVE-2018-3740

Name: CVE-2018-3740
Description: A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
NVD Severity: medium

References

Type            URI
Issue Tracking  https://github.com/rgrove/sanitize/issues/176
Patch           https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e
CONFIRM         https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
DEBIAN          https://www.debian.org/security/2018/dsa-4358

Match rules

CPE URI                                                  Source package  Min version  Max version
cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*   ruby-sanitize   >= None      <= 4.6.0

Vulnerable and fixed packages

Source package  Branch  Version  Maintainer  Status