Lucene search

K
cvelistHackeroneCVELIST:CVE-2018-3740
HistoryMar 30, 2018 - 7:00 p.m.

CVE-2018-3740

2018-03-3019:00:00
CWE-79
hackerone
www.cve.org

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

CNA Affected

[
  {
    "product": "sanitize (ruby gem)",
    "vendor": "Ryan Grove",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.6.3"
      }
    ]
  }
]

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%