Vulnerability Details : CVE-2018-3740
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
Vulnerability category: Cross site scripting (XSS), Input validation
Exploit prediction scoring system (EPSS) score for CVE-2018-3740
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 %
CVSS scores for CVE-2018-3740
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST |
CWE ids for CVE-2018-3740
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: support@hackerone.com (Secondary)
References for CVE-2018-3740
- https://www.debian.org/security/2018/dsa-4358
  Debian -- Security Information -- DSA-4358-1 ruby-sanitize
- https://github.com/rgrove/sanitize/issues/176
  [CVE-2018-3740] Sanitize HTML injection vulnerability · Issue #176 · rgrove/sanitize · GitHub (Issue Tracking; Third Party Advisory)
- https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
  GitLab Security Release: 11.0.1, 10.8.5, and 10.7.6 | GitLab
- https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e
  fix: Prevent code injection due to improper escaping in libxml2 >= 2.9.2 · rgrove/sanitize@01629a1 · GitHub (Patch; Third Party Advisory)
Products affected by CVE-2018-3740
- cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*