Rubysec

Providing security resources for the Ruby community.

Advisory Archive


---
gem: sanitize
date: 2018-03-19
url: https://github.com/rgrove/sanitize/issues/176
cve: 2018-3740
title: HTML injection/XSS in Sanitize
description: |
  When the Sanitize gem is used in combination with libxml2 >= 2.9.2,
  a specially crafted HTML fragment can cause libxml2 to generate
  improperly escaped output, allowing non-whitelisted attributes to be
  used on whitelisted elements.

  This can allow HTML and JavaScript injection, which could result in XSS
  if Sanitize's output is served to browsers.
unaffected_versions:
- "< 1.1.0"
patched_versions:
- "~> 2.1.1"
- ">= 4.6.3"
related:
  url:
  - https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e