GHSA-mrhj-2g4v-39qx

Опубликовано: 17 сент. 2018

Источник: github

Github: Прошло ревью

Описание

Moderate severity vulnerability that affects rails-html-sanitizer

Withdrawn, accidental duplicate publish.

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2015-7579
https://github.com/advisories/GHSA-mrhj-2g4v-39qx

Пакеты

Наименование

rails-html-sanitizer

rubygems

Затронутые версииВерсия исправления

= 1.0.2

1.0.3