pkg:gem/sanitize

Type gem
Name sanitize

Known advisories, vulnerabilities and fixes for sanitize package.

Repository
https://rubygems.org/gems/sanitize
High 3
Medium 1
| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 4.6.3 = 1.1.0 | | CVE-2018-3740 | rubysec RUBYSEC:SANITIZE-2018-3740 | HTML injection/XSS in Sanitize | high | 2018-03-19T00:00:00 (6 years ago) |
| Fixed | = 2.1.1 >= 4.6.3 | | CVE-2018-3740 | rubysec RUBYSEC:SANITIZE-2018-3740 | HTML injection/XSS in Sanitize | high | 2018-03-19T00:00:00 (6 years ago) |
| Unaffected | < 1.1.0 | | CVE-2018-3740 | rubysec RUBYSEC:SANITIZE-2018-3740 | HTML injection/XSS in Sanitize | high | 2018-03-19T00:00:00 (6 years ago) |
| Affected | < 5.2.1 = 3.0.0 | | CVE-2020-4054 | rubysec RUBYSEC:SANITIZE-2020-4054 | Cross-site scripting vulnerability via `<math>` or `<svg>` element in Sanitize | high | 2020-06-16T00:00:00 (4 years ago) |
| Fixed | >= 5.2.1 | | CVE-2020-4054 | rubysec RUBYSEC:SANITIZE-2020-4054 | Cross-site scripting vulnerability via `<math>` or `<svg>` element in Sanitize | high | 2020-06-16T00:00:00 (4 years ago) |
| Unaffected | < 3.0.0 | | CVE-2020-4054 | rubysec RUBYSEC:SANITIZE-2020-4054 | Cross-site scripting vulnerability via `<math>` or `<svg>` element in Sanitize | high | 2020-06-16T00:00:00 (4 years ago) |
| Affected | < 6.0.1 = 5.0.0 | | CVE-2023-23627 | rubysec RUBYSEC:SANITIZE-2023-23627 | Improper neutralization of `noscript` element content may allow XSS in Sanitize | medium | 2023-01-28T00:00:00 (20 months ago) |
| Fixed | >= 6.0.1 | | CVE-2023-23627 | rubysec RUBYSEC:SANITIZE-2023-23627 | Improper neutralization of `noscript` element content may allow XSS in Sanitize | medium | 2023-01-28T00:00:00 (20 months ago) |
| Unaffected | < 5.0.0 | | CVE-2023-23627 | rubysec RUBYSEC:SANITIZE-2023-23627 | Improper neutralization of `noscript` element content may allow XSS in Sanitize | medium | 2023-01-28T00:00:00 (20 months ago) |
| Affected | < 6.0.2 = 3.0.0 | | CVE-2023-36823 | rubysec RUBYSEC:SANITIZE-2023-36823 | Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content | high | 2023-07-06T00:00:00 (14 months ago) |
| Fixed | >= 6.0.2 | | CVE-2023-36823 | rubysec RUBYSEC:SANITIZE-2023-36823 | Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content | high | 2023-07-06T00:00:00 (14 months ago) |
| Unaffected | < 3.0.0 | | CVE-2023-36823 | rubysec RUBYSEC:SANITIZE-2023-36823 | Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content | high | 2023-07-06T00:00:00 (14 months ago) |