List: oss-security
Subject: [oss-security] [CVE-2018-3741] XSS vulnerability in rails-html-sanitizer
From: Rafael_Mendonça_França <rafaelmfranca () gmail ! com>
Date: 2018-03-22 19:10:58
Message-ID: 33d0cf4f-30f8-4690-b7ad-508c1c1bd037 () Spark
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in rails-html-sanitizer. This
vulnerability has been assigned the CVE identifier CVE-2018-3741.
Versions Affected: 1.0.3 or older.
Not affected: None.
Fixed Versions: 1.0.4
Impact
------
There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted
attributes to be present in sanitized output when given input containing specially crafted HTML
fragments, and these attributes can lead to an XSS attack on target applications.
This issue is similar to CVE-2018-8048 in Loofah.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
--------
The FIXED releases are available at the normal locations.
Workarounds
-----------
There are no feasible workarounds for this issue.
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 1-0-sanitize_attributes.patch - Patch for 1.0 series
Credits
-------
Thanks to Kaarlo Haikonen for reporting this issue and Mike Dalessio for providing the original
fix in the Loofah gem.
Rafael França
[Attachment: 1-0-santize_attributes.patch (application/octet-stream)]
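
Added example, not part of the original advisory or of the project's code: a Ruby check that reads a Gemfile.lock and reports whether the resolved rails-html-sanitizer version falls in the affected range given above (1.0.3 or older, fixed in 1.0.4). The function names and the sample lockfile are constructed for illustration.

```ruby
# Added example: flag rails-html-sanitizer releases affected by CVE-2018-3741.
require "rubygems" # Gem::Version

GEM_NAME = "rails-html-sanitizer"
FIXED_VERSION = Gem::Version.new("1.0.4") # "Fixed Versions" in the advisory

# Constructed sample lockfile (not taken from any real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionview (5.1.5)
        rails-html-sanitizer (~> 1.0, >= 1.0.3)
      loofah (2.2.0)
        nokogiri (>= 1.5.9)
      rails-html-sanitizer (1.0.3)
        loofah (~> 2.0)
LOCK

# Return the resolved version of GEM_NAME from Gemfile.lock text, or nil.
# Resolved gems are indented four spaces under "specs:" as "name (version)".
# Dependency constraints are indented six spaces and must not match, since
# they carry requirements such as "~> 1.0" rather than the locked version.
def locked_version(lockfile_text)
  pattern = /\A {4}#{Regexp.escape(GEM_NAME)} \(([^)\s]+)\)\s*\z/
  lockfile_text.each_line do |line|
    m = line.match(pattern)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# :affected, :fixed or :absent for the given Gemfile.lock text.
# Gem::Version compares numerically, so 1.0.10 sorts after 1.0.4
# (a plain string comparison would get that wrong).
def cve_2018_3741_status(lockfile_text)
  version = locked_version(lockfile_text)
  return :absent if version.nil?
  version < FIXED_VERSION ? :affected : :fixed
end

if __FILE__ == $PROGRAM_NAME
  # Pass a path to a Gemfile.lock; with no argument the sample is used.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "#{GEM_NAME}: #{cve_2018_3741_status(text)}"
end
```
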