CVE-2018-3740
| Severity | Medium |
| Remote | Yes |
| Type | Insufficient validation |
| Description | A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. |

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-726 | gitlab | 11.0.0-1 | 11.0.1-1 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 04 Jul 2018 | ASA-201807-1 | AVG-726 | gitlab | Medium | multiple issues |

| Notes |
|---|
| GitLab bundles this dependency: the sanitize gem is updated to version 4.6.4 due to versions < 4.6.3 being affected by CVE-2018-3740. |