|Description||A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|stretch (security), stretch||2.1.0-2+deb9u1||fixed|
|bullseye, sid, buster||4.6.6-2||fixed|
The information below is based on the following data on fixed versions.
[jessie] - ruby-sanitize <ignored> (Only occurs with libxml2 >= 2.9.2, jessie has 2.9.1)
Fixes for 2.1.x: https://github.com/rgrove/sanitize/compare/v2.1.0...v2.1.1
Only an issue in combination with libxml2 >= 2.9.2
The 'fragment' method was renamed from 'clean' method in earlier version