Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update rails-html-sanitizer, fixes CVE-2018-3741 #174

Merged
merged 1 commit into from
May 10, 2018
Merged

Update rails-html-sanitizer, fixes CVE-2018-3741 #174

merged 1 commit into from
May 10, 2018

Conversation

chrishunt
Copy link
Member

cc @r00k @ehmorris for review.

Fixes CVE-2018-3741:

Possible XSS vulnerability in rails-html-sanitizer

There is a possible XSS vulnerability in rails-html-sanitizer. This
vulnerability has been assigned the CVE identifier CVE-2018-3741.

Versions Affected: 1.0.3 or older.
Not affected: None.
Fixed Versions: 1.0.4

Impact

There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications.

r00k
r00k approved these changes May 10, 2018
View reviewed changes
Copy link
Contributor

@r00k r00k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks dude!

@chrishunt chrishunt merged commit bdcfbc1 into master May 10, 2018
@chrishunt chrishunt deleted the CVE-2018-3741 branch May 10, 2018 17:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@r00k r00k r00k approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@chrishunt @r00k