Affected versions
>= 1.0.3, < 1.4.4
Summary
rails-html-sanitizer >= 1.0.3, < 1.4.4 is vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0.
Mitigation
Upgrade to rails-html-sanitizer >= 1.4.4.
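To check whether a project resolves to the affected combination, this added example (not part of the advisory or of the project's own code) reads a Gemfile.lock and applies the version ranges stated above. The function names, status symbols and sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Version ranges copied from the advisory text.
SANITIZER_AFFECTED = Gem::Requirement.new(">= 1.0.3", "< 1.4.4")
LOOFAH_TRIGGER     = Gem::Requirement.new(">= 2.1.0")

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    loofah (2.19.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    rails-html-sanitizer (1.4.3)
      loofah (~> 2.3)
LOCK

# Resolved gems appear in Gemfile.lock as lines indented by exactly four
# spaces: "    name (version)". Six-space lines are dependency constraints
# and are skipped. Only the named gems are parsed into Gem::Version.
def locked_versions(lockfile_text, names)
  lockfile_text.each_line.with_object({}) do |line, found|
    m = line.match(/\A {4}([\w.-]+) \(([^)]+)\)\s*\z/)
    found[m[1]] = Gem::Version.new(m[2]) if m && names.include?(m[1])
  end
end

# Returns one of (hypothetical status names):
#   :not_present                     rails-html-sanitizer is not locked
#   :not_affected                    sanitizer is outside >= 1.0.3, < 1.4.4
#   :affected_range_without_trigger  sanitizer in range, Loofah absent or < 2.1.0
#   :vulnerable                      sanitizer in range and Loofah >= 2.1.0
def data_uri_xss_status(lockfile_text)
  v = locked_versions(lockfile_text, %w[rails-html-sanitizer loofah])
  sanitizer = v["rails-html-sanitizer"]
  loofah = v["loofah"]
  return :not_present unless sanitizer
  return :not_affected unless SANITIZER_AFFECTED.satisfied_by?(sanitizer)
  return :affected_range_without_trigger unless loofah && LOOFAH_TRIGGER.satisfied_by?(loofah)
  :vulnerable
end

puts data_uri_xss_status(SAMPLE_LOCK) if $PROGRAM_NAME == __FILE__
```

A result of `:affected_range_without_trigger` still calls for the upgrade, since a later Loofah update would move the project into the vulnerable combination.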
Severity
The maintainers have evaluated this as Medium Severity 6.1.
References
Credit
This vulnerability was independently reported by Maciej Piechota (@haqpl) and Mrinmoy Das (@goromlagche).