rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 10.0 | |
loofah | ge | 2.1.0 | |
loofah | lt | 2.19.1 | |
rails_html_sanitizers | ge | 1.0.3 | |
rails_html_sanitizers | lt | 1.4.4 |