Date: Thu, 22 Mar 2018 15:10:58 -0400 From: Rafael Mendonça França <rafaelmfranca@...il.com> To: rubyonrails-security@...glegroups.com, ruby-security-ann@...glegroups.com, oss-security@...ts.openwall.com Subject: [CVE-2018-3741] XSS vulnerability in rails-html-sanitizer Possible XSS vulnerability in rails-html-sanitizer There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2018-3741. Versions Affected: 1.0.3 or older. Not affected: None. Fixed Versions: 1.0.4 Impact ------ There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately. Releases -------- The FIXED releases are available at the normal locations. Workarounds ----------- There are no feasible workarounds for this issue. Patches ------- To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset. * 1-0-sanitize_attributes.patch - Patch for 1.0 series Credits ------- Thanks to Kaarlo Haikonen for reporting this issue and Mike Dalessio for providing the original fix in the Loofah gem. Rafael França Content of type "text/html" skipped Download attachment "1-0-santize_attributes.patch" of type "application/octet-stream" (5469 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ