CVE-2018-3740 log

Severity Medium
Remote Yes
Type Insufficient validation
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
Group Package Affected Fixed Severity Status Ticket
AVG-726 gitlab 11.0.0-1 11.0.1-1 Medium Fixed
Date Advisory Group Package Severity Type
04 Jul 2018 ASA-201807-1 AVG-726 gitlab Medium multiple issues
Gitlab bundles this dep: The sanitize gem is updated to version 4.6.4 due to versions < 4.6.3 being affected by CVE-2018-3740.