CVE-2018-3740

Summary

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

Affected Software

VendorProductVersion RangeStatus
Ryan Grovesanitize (ruby gem)< 4.6.3affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References