CVE-2018-3740
Source | |
Severity | Medium |
Remote | Yes |
Type | Insufficient validation |
Description | A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-726 | gitlab | 11.0.0-1 | 11.0.1-1 | Medium | Fixed | |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
04 Jul 2018 | ASA-201807-1 | AVG-726 | gitlab | Medium | multiple issues |
Notes |
---|
GitLab bundles this dependency: the sanitize gem is updated to version 4.6.4 because versions < 4.6.3 are affected by CVE-2018-3740. |