CVE-2018-3740 - log back

CVE-2018-3740 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
References
Notes
+ Gitlab bundles this dep: The sanitize gem is updated to version 4.6.4 due to versions < 4.6.3 being affected by CVE-2018-3740.