Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 22 Mar 2018 15:10:58 -0400
From: Rafael Mendonça França
 <rafaelmfranca@...il.com>
To: rubyonrails-security@...glegroups.com, 
 ruby-security-ann@...glegroups.com, oss-security@...ts.openwall.com
Subject: [CVE-2018-3741] XSS vulnerability in rails-html-sanitizer

Possible XSS vulnerability in rails-html-sanitizer

There is a possible XSS vulnerability in rails-html-sanitizer. This
vulnerability has been assigned the CVE identifier CVE-2018-3741.

Versions Affected:  1.0.3 or older.
Not affected:       None.
Fixed Versions:     1.0.4

Impact
------
There is a possible XSS vulnerability in rails-html-sanitizer.  The gem allows non-whitelisted
attributes to be present in sanitized output when input with specially-crafted HTML fragments,
and these attributes can lead to an XSS attack on target applications.

This issue is similar to CVE-2018-8048 in Loofah.

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The FIXED releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 1-0-sanitize_attributes.patch - Patch for 1.0 series

Credits
-------
Thanks to Kaarlo Haikonen for reporting this issue and Mike Dalessio for providing the original fix in the Loofah gem.

Rafael França

Content of type "text/html" skipped

Download attachment "1-0-santize_attributes.patch" of type "application/octet-stream" (5469 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ