|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 4358-1 (ruby-sanitize - security update)|
|Summary:||The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML injection vulnerability. A specially crafted HTML fragment can cause non-whitelisted attributes to be allowed on a whitelisted HTML element.|
Sanitize is a whitelist-based HTML sanitizer. Given a list of acceptable
elements and attributes, Sanitize will remove all unacceptable HTML from a
ruby-sanitize on Debian Linux
For the stable distribution (stretch), this problem has been fixed in
We recommend that you upgrade your ruby-sanitize packages.
For the detailed security status of ruby-sanitize please refer to its
security tracker page at:
Common Vulnerability Exposure (CVE) ID: CVE-2018-3740
Debian Security Information: DSA-4358
|Copyright||Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net|