---

CVE-2018-3740 - log back

CVE-2018-3740 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Insufficient validation
Description	+ A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
References
Notes	+ Gitlab bundles this dep: The sanitize gem is updated to version 4.6.4 due to versions < 4.6.3 being affected by CVE-2018-3740.