CVE-2018-3741
published 2018-03-30
CVE-2018-3741: There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in…
Priority P4 · 26 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS 1.29% · 66.6th percentile
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-rails-html-sanitizer | < ruby-rails-html-sanitizer 1.0.4-1 (bookworm) | ruby-rails-html-sanitizer 1.0.4-1 (bookworm) |
| linux | linux_kernel | >= 0 < 3.13.0-156.206 | 3.13.0-156.206 |
| rails | rails-html-sanitizer | <= 1.0.3 | — |
| rails | rails-html-sanitizer | >= 0 < 1.0.4 | 1.0.4 |
| rubyonrails | html_sanitizer | <= 1.0.3 | — |
CVSS provenance
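| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| ghsa | | 6.1 | MEDIUM | |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | MEDIUM | |
| vendor_redhat | | 6.1 | MEDIUM | |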
OSV
linux regressions
osv·2018-08-17·CVSS 5.6
CVE-2018-3620 linux regressions
USN-3741-1 introduced mitigations in the Linux kernel for Ubuntu 14.04
LTS to address L1 Terminal Fault (L1TF) vulnerabilities (CVE-2018-3620,
CVE-2018-3646). Unfortunately, the update introduced regressions
that caused kernel panics when booting in some environments as well
as preventing Java applications from starting. This update fixes
the problems.
We apologize for the inconvenience.
Original advisory details:
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local
attacker in a guest virtual machine could use this to expose sensitive
information (memory from other guests or the host OS). (CVE-2018-3
OSV
linux-lts-xenial, linux-aws vulnerabilities
osv·2018-08-14·CVSS 5.6
USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local
attacker in a guest virtual machine could use this to expose sensitive
information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is
GHSA
rails-html-sanitizer Cross-site Scripting vulnerability
ghsa·2018-04-26·CVSS 6.1
CVE-2018-3741 [MEDIUM] CWE-79 rails-html-sanitizer Cross-site Scripting vulnerability
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
OSV
rails-html-sanitizer Cross-site Scripting vulnerability
osv·2018-04-26·CVSS 6.1
CVE-2018-3741 [MEDIUM] rails-html-sanitizer Cross-site Scripting vulnerability
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
OSV
CVE-2018-3741: There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1
osv·2018-03-30·CVSS 6.1
CVE-2018-3741 [MEDIUM] CVE-2018-3741: There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
Red Hat
rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability
vendor_redhat·2018-03-21·CVSS 6.1
CVE-2018-3741 [MEDIUM] CWE-79 rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
Statement: This issue affects the versions of rubygem-rails-html-sanitizer as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having a security
Debian
CVE-2018-3741: ruby-rails-html-sanitizer - There is a possible XSS vulnerability in all rails-html-sanitizer gem versions b...
vendor_debian·2018·CVSS 6.1
CVE-2018-3741 [MEDIUM] CVE-2018-3741: ruby-rails-html-sanitizer - There is a possible XSS vulnerability in all rails-html-sanitizer gem versions b...
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
Scope: local
bookworm: resolved (fixed in 1.0.4-1)
bullseye: resolved (fixed in 1.0.4-1)
forky: resolved (fixed in 1.0.4-1)
sid: resolved (fixed in 1.0.4-1)
trixie: resolved (fixed in 1.0.4-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-4054 rubygem-rails-html-sanitizer: XSS via crafted input
bugzilla·2020-06-19·CVSS 6.1
CVE-2020-4054 [MEDIUM] CVE-2020-4054 rubygem-rails-html-sanitizer: XSS via crafted input
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scrip
Bugzilla
CVE-2018-3741 rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability [fedora-all]
bugzilla·2018-04-18·CVSS 6.1
CVE-2018-3741 [MEDIUM] CVE-2018-3741 rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs b
Bugzilla
CVE-2018-3741 rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability
bugzilla·2018-04-18·CVSS 6.1
CVE-2018-3741 [MEDIUM] CVE-2018-3741 rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
Upstream fix:
https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
Discussion:
Created rubygem-rails-html-sanitizer tracki
HackerOne
XSS vulnerability in sanitize-method when parsing link's href
hackerone·2018-03-22·CVSS 6.1
CVE-2018-3741 [MEDIUM] XSS vulnerability in sanitize-method when parsing link's href
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in rails-html-sanitizer. This
vulnerability has been assigned the CVE identifier CVE-2018-3741.
Versions Affected: 1.0.3 or older.
Not affected: None.
Fixed Versions: 1.0.4
Impact
There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted
attributes to be present in sanitized output when input with specially-crafted HTML fragments,
and these attributes can lead to an XSS attack on target applications.
This issue is similar to CVE-2018-8048 in Loofah.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
The FIXED releases are available at the
Published: 2018-03-30