pkg:gem/sanitize
Type: gem
Name: sanitize
Known advisories, vulnerabilities and fixes for sanitize package.
- Repository: https://rubygems.org/gems/sanitize
- High: 3
- Medium: 1
Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 4.6.3 = 1.1.0 | | CVE-2018-3740 | RUBYSEC:SANITIZE-2018-3740 | HTML injection/XSS in Sanitize | high | 2018-03-19T00:00:00 (6 years ago) |
Fixed | = 2.1.1 >= 4.6.3 | | CVE-2018-3740 | RUBYSEC:SANITIZE-2018-3740 | HTML injection/XSS in Sanitize | high | 2018-03-19T00:00:00 (6 years ago) |
Unaffected | < 1.1.0 | | CVE-2018-3740 | RUBYSEC:SANITIZE-2018-3740 | HTML injection/XSS in Sanitize | high | 2018-03-19T00:00:00 (6 years ago) |
Affected | < 5.2.1 = 3.0.0 | | CVE-2020-4054 | RUBYSEC:SANITIZE-2020-4054 | Cross-site scripting vulnerability via `<math>` or `<svg>` element in Sanitize | high | 2020-06-16T00:00:00 (4 years ago) |
Fixed | >= 5.2.1 | | CVE-2020-4054 | RUBYSEC:SANITIZE-2020-4054 | Cross-site scripting vulnerability via `<math>` or `<svg>` element in Sanitize | high | 2020-06-16T00:00:00 (4 years ago) |
Unaffected | < 3.0.0 | | CVE-2020-4054 | RUBYSEC:SANITIZE-2020-4054 | Cross-site scripting vulnerability via `<math>` or `<svg>` element in Sanitize | high | 2020-06-16T00:00:00 (4 years ago) |
Affected | < 6.0.1 = 5.0.0 | | CVE-2023-23627 | RUBYSEC:SANITIZE-2023-23627 | Improper neutralization of `noscript` element content may allow XSS in Sanitize | medium | 2023-01-28T00:00:00 (20 months ago) |
Fixed | >= 6.0.1 | | CVE-2023-23627 | RUBYSEC:SANITIZE-2023-23627 | Improper neutralization of `noscript` element content may allow XSS in Sanitize | medium | 2023-01-28T00:00:00 (20 months ago) |
Unaffected | < 5.0.0 | | CVE-2023-23627 | RUBYSEC:SANITIZE-2023-23627 | Improper neutralization of `noscript` element content may allow XSS in Sanitize | medium | 2023-01-28T00:00:00 (20 months ago) |
Affected | < 6.0.2 = 3.0.0 | | CVE-2023-36823 | RUBYSEC:SANITIZE-2023-36823 | Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content | high | 2023-07-06T00:00:00 (14 months ago) |
Fixed | >= 6.0.2 | | CVE-2023-36823 | RUBYSEC:SANITIZE-2023-36823 | Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content | high | 2023-07-06T00:00:00 (14 months ago) |
Unaffected | < 3.0.0 | | CVE-2023-36823 | RUBYSEC:SANITIZE-2023-36823 | Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content | high | 2023-07-06T00:00:00 (14 months ago) |