Bugzilla – Bug 1086598
VUL-0: CVE-2018-3741: rubygem-rails-html-sanitizer: XSS vulnerability due to insufficient filtering in scrub_attribute
Last modified: 2023-01-31 05:21:38 UTC
CVE-2018-3741
From: Rafael Mendonça França

Possible XSS vulnerability in rails-html-sanitizer

There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2018-3741.

Versions Affected: 1.0.3 or older.
Not affected: None.
Fixed Versions: 1.0.4

Impact
------
There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when given input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications.

This issue is similar to CVE-2018-8048 in Loofah.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases
--------
The FIXED releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 1-0-sanitize_attributes.patch - Patch for 1.0 series

Credits
-------
Thanks to Kaarlo Haikonen for reporting this issue and Mike Dalessio for providing the original fix in the Loofah gem.

Affected: Storage 3/4 and Cloud (all SUSE:SLE-12:Update), SLE 15 and Build Service

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3741
http://seclists.org/oss-sec/2018/q1/262
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-3741.html
Created attachment 764715: Upstream patch
SUSE-SU-2018:1082-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1085967,1086598
CVE References: CVE-2018-3741,CVE-2018-8048
Sources used:
SUSE CaaS Platform ALL (src): sles12-velum-image-2.0.1-2.7.3
SUSE-SU-2019:2182-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1086598
CVE References: CVE-2018-3741
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): rubygem-rails-html-sanitizer-1.0.3-8.8.1
SUSE OpenStack Cloud Crowbar 8 (src): rubygem-rails-html-sanitizer-1.0.3-8.8.1
SUSE OpenStack Cloud 7 (src): rubygem-rails-html-sanitizer-1.0.3-8.8.1
SUSE Enterprise Storage 4 (src): rubygem-rails-html-sanitizer-1.0.3-8.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2209-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1086598
CVE References: CVE-2018-8048
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): rubygem-loofah-2.0.2-3.8.1
SUSE OpenStack Cloud Crowbar 8 (src): rubygem-loofah-2.0.2-3.8.1
SUSE OpenStack Cloud 7 (src): rubygem-loofah-2.0.2-3.8.1
SUSE Enterprise Storage 4 (src): rubygem-loofah-2.0.2-3.8.1