CVE-2018-3740

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-726 | gitlab | 11.0.0-1 | 11.0.1-1 | Medium | Fixed | |
| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 04 Jul 2018 | ASA-201807-1 | AVG-726 | gitlab | Medium | multiple issues |
Notes
GitLab bundles this dependency: the sanitize gem is updated to version 4.6.4 because versions < 4.6.3 are affected by CVE-2018-3740.