Linux Distros Unpatched Vulnerability : CVE-2020-4054

🗓️ 27 Aug 2025 00:00:00Reported by TenableType

XSS in RubyGem sanitize versions 3.0.0–5.2.0 with relaxed configs that allow math or svg elements.

Reporter	Title	Published	Views	Family All 25
CNVD	Sanitize Cross-Site Scripting Vulnerability	17 Jun 202000:00	–	cnvd
CVE	CVE-2020-4054	16 Jun 202022:10	–	cve
Cvelist	CVE-2020-4054 Cross-site Scripting in Sanitize	16 Jun 202022:10	–	cvelist
Debian	[SECURITY] [DSA 4730-1] ruby-sanitize security update	19 Jul 202019:18	–	debian
Debian	[SECURITY] [DSA 4730-1] ruby-sanitize security update	19 Jul 202019:18	–	debian
Debian CVE	CVE-2020-4054	16 Jun 202022:10	–	debiancve
Tenable Nessus	Debian DSA-4730-1 : ruby-sanitize - security update	20 Jul 202000:00	–	nessus
Tenable Nessus	Ubuntu 20.04 LTS : Sanitize vulnerability (USN-4543-1)	26 Sep 202000:00	–	nessus
EUVD	EUVD-2020-0503	7 Oct 202500:30	–	euvd
Github Security Blog	Cross-site Scripting in Sanitize	16 Jun 202022:08	–	github

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2020-4054
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(257074);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/27");

  script_cve_id("CVE-2020-4054");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-4054");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site
    scripting vulnerability. When HTML is sanitized using Sanitize's relaxed config, or a custom config that
    allows certain elements, some content in a math or svg element may not be sanitized correctly even if math
    and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's
    relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math,
    noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an
    attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site
    scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in
    5.2.1. (CVE-2020-4054)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-4054");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-4054");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby-sanitize");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "ruby-sanitize"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "ruby-sanitize"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

27 Aug 2025 00:00Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 3.17.3

EPSS0.00484