6 matches found
SUSE CVE-2018-3740
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...
Debian DSA-4358-1 : ruby-sanitize - security update
The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML injection vulnerability. A specially crafted HTML fragment can cause it to allow non-whitelisted attributes to be used on a whitelisted HTML element. C Tenable Network Security,...
[SECURITY] [DSA 4358-1] ruby-sanitize security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4358-1] ruby-sanitize security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...
CVE-2018-3740
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...
CVE-2018-3740
CVE-2018-3740 affects the ruby-sanitize (Sanitize gem for Ruby) whitelist-based HTML sanitizer. A specially crafted HTML fragment can cause non-whitelisted attributes to be applied to whitelisted elements, enabling HTML injection-like behavior. Debian’s DSA-4358-1 fixes the issue in ruby-sanitize...