Ruby on Rails Html Sanitizer


By the Year

In 2020 there have been 0 vulnerabilities in Ruby on Rails Html Sanitizer. Last year Html Sanitizer had 0 security vulnerabilities published.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2020 | 0               | 0.00          |
| 2019 | 0               | 0.00          |
| 2018 | 1               | 6.10          |

It may take a day or so for new Html Sanitizer vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Ruby on Rails Html Sanitizer Security Vulnerabilities

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby

CVE-2018-3741 6.1 - Medium - March 30, 2018

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when it is given specially crafted HTML fragments as input, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.

CVE-2018-3741 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. An exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS