GHSA-77pc-q5q7-qg9h

Опубликовано: 17 сент. 2018

Источник: github

Github: Прошло ревью

Описание

Moderate severity vulnerability that affects rails-html-sanitizer

Withdrawn, accidental duplicate publish.

Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2015-7580
https://github.com/advisories/GHSA-77pc-q5q7-qg9h

Пакеты

Наименование

rails-html-sanitizer

rubygems

Затронутые версииВерсия исправления

< 1.0.3

1.0.3