XSS vulnerability in rails-html-sanitizer
Published: March 22, 2018
SECURITY IDENTIFIERS
- CVE: CVE-2018-3741 (NVD)
- GHSA: GHSA-px3r-jm9g-c8w8
- Vendor Advisory: https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ
AFFECTED PACKAGE
rails-html-sanitizer (gem)
SEVERITY
CVSS v3.x: 6.1 (Medium)
PATCHED VERSIONS
>= 1.0.4
DESCRIPTION
There is a possible XSS vulnerability in rails-html-sanitizer. When given specially crafted HTML fragments, the gem allows attributes that are not on the allowed list (non-whitelisted attributes) to appear in the sanitized output, and those attributes can be used to mount an XSS attack against the application that renders the output. Versions before 1.0.4 are affected.
This issue is similar to CVE-2018-8048 in Loofah, the library rails-html-sanitizer builds on to perform the actual sanitization.
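The practical check for this advisory is whether the locked rails-html-sanitizer version is below 1.0.4. The following Ruby script is an added example, not code from the advisory or from the rails-html-sanitizer project: it parses the `specs:` section of a Gemfile.lock, resolves the locked version with `Gem::Version` (so that 1.0.10 correctly ranks above 1.0.4, which a string comparison would get wrong), and reports the gem as vulnerable, patched, or not present. The lockfile contents embedded in it are constructed samples, and the function names are this example's own.

```ruby
require "rubygems" # Gem::Version ships with RubyGems; explicit require for clarity

# Facts taken from the advisory: rails-html-sanitizer < 1.0.4 is affected.
AFFECTED_GEM    = "rails-html-sanitizer"
PATCHED_VERSION = Gem::Version.new("1.0.4")

# Turn a locked version string into Gem::Version. Platform-specific entries such
# as "1.8.2-x86_64-linux" are not valid Gem::Version strings, so fall back to the
# part before the first "-" for those.
def parse_locked_version(str)
  return Gem::Version.new(str) if Gem::Version.correct?(str)
  Gem::Version.new(str.split("-").first)
end

# Parse every `specs:` block of a Gemfile.lock and return {name => Gem::Version}.
# Only lines indented by exactly four spaces ("    name (version)") are locked
# specs; deeper-indented lines are dependency constraints, not locked versions.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # An unindented line (PLATFORMS, DEPENDENCIES, another GEM block) ends specs.
    in_specs = false if in_specs && line =~ /\A\S/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      versions[m[1]] = parse_locked_version(m[2])
    end
  end
  versions
end

# :not_present, :vulnerable or :patched for the locked rails-html-sanitizer.
def cve_2018_3741_status(lockfile_text)
  version = locked_versions(lockfile_text)[AFFECTED_GEM]
  return :not_present if version.nil?
  version < PATCHED_VERSION ? :vulnerable : :patched
end

# Constructed sample lockfiles (not taken from any real project).
VULNERABLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.2.0)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      rails-html-sanitizer (1.0.3)
        loofah (~> 2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails-html-sanitizer
LOCK

PATCHED_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.2.2)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      nokogiri (1.8.2-x86_64-linux)
        mini_portile2 (~> 2.3.0)
      rails-html-sanitizer (1.0.4)
        loofah (~> 2.2, >= 2.2.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails-html-sanitizer
LOCK

if __FILE__ == $PROGRAM_NAME
  # Pass a path to a real Gemfile.lock; without one the constructed sample is used.
  text = ARGV[0] ? File.read(ARGV[0]) : VULNERABLE_LOCK
  puts "#{AFFECTED_GEM}: #{cve_2018_3741_status(text)}"
end
```

Run it against a project's Gemfile.lock (`ruby check.rb path/to/Gemfile.lock`); a result of `:vulnerable` means the lock pins a release below 1.0.4 and `bundle update rails-html-sanitizer` is needed, while `:not_present` only means the gem is not locked directly, so applications that pull it in through Rails should still confirm it appears in the lockfile.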
