CVE-2018-3740

Publication date 30 March 2018

Last updated 24 July 2024

Ubuntu priority

Why this priority?

Cvss 3 Severity Score

Score breakdown

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ruby-sanitize	18.10 cosmic	Not affected
	18.04 LTS bionic	Fixed 2.1.0-2+deb9u1build0.18.04.1
	17.10 artful	Ignored end of life
	16.04 LTS xenial	Fixed 2.1.0-2+deb9u1build0.16.04.1
	14.04 LTS trusty	Not in release

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	High
Availability impact	None
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

Other references