[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4730-1 ruby-sanitize -- ruby-sanitize

ID: oval:org.secpod.oval:def:604924Date: (C)2020-07-22   (M)2021-06-02
Class: PATCHFamily: unix




Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML sanitization bypass vulnerability when using the "relaxed" or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly even if math and svg are not in the allowlist.

Platform:
Debian 10.x
Product:
ruby-sanitize
Reference:
DSA-4730-1
CVE-2020-4054
CVE    1
CVE-2020-4054

© SecPod Technologies