rails-html-sanitizer
RubyGems. 14 known CVEs affecting this package.
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting rails-html-sanitizer (page 1 of 1)
- CVE-2015-7578 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.0.3 · 2016-02-16
vulnerable: 1.0.0, 1.0.1, 1.0.2
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
- CVE-2015-7579 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.0.3 · 2016-02-16
vulnerable: 1.0.0, 1.0.1, 1.0.2
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSan…
- CVE-2015-7580 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.0.3 · 2016-02-16
vulnerable: 1.0.0, 1.0.1, 1.0.2
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
- CVE-2018-3741 · MEDIUM · CVSS 6.1 · ✓ Fixed in 1.0.4 · 2018-03-30
vulnerable: 1.0.0, 1.0.1, 1.0.2, 1.0.3
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these at…
- CVE-2022-23517 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.4.4 · 2022-12-14
vulnerable: 1.0.0 ... 1.4.3 (12 versions)
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attemp…
- CVE-2022-23518 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.4.4 · 2022-12-14
vulnerable: 1.0.3 ... 1.4.3 (9 versions)
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched i…
- CVE-2022-23519 · HIGH · CVSS 7.2 · EG 7.2 · ✓ Fixed in 1.4.4 · 2022-12-14
vulnerable: 1.0.0 ... 1.4.3 (12 versions)
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if …
- CVE-2022-23520 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.4.4 · 2022-12-14
vulnerable: 1.0.0 ... 1.4.3 (12 versions)
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-20…
- CVE-2022-32209 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.4.3 · 2022-06-24
vulnerable: 1.0.0 ... 1.4.2 (11 versions)
Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL…
- CVE-2024-53985 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.6.1 · 2024-12-02
vulnerable: 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7,…
- CVE-2024-53986 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.6.1 · 2024-12-02
vulnerable: 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulner…
- CVE-2024-53987 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.6.1 · 2024-12-02
vulnerable: 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulner…
- CVE-2024-53988 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.6.1 · 2024-12-02
vulnerable: 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulner…
- CVE-2024-53989 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.6.1 · 2024-12-02
vulnerable: 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulner…