CVE-2018-3741

rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.

Es posible que haya una vulnerabilidad Cross-Site Scripting (XSS) en todas las versiones inferiores a la 1.0.4 de la gema rails-html-sanitizer para Ruby. La gema permite que los atributos que no están en una lista blanca estén presentes en las salidas saneadas cuando la entrada incluye fragmentos HTML especialmente manipulados. Estos atributos pueden conducir a un ataque Cross-Site Scripting (XSS) en las aplicaciones objetivo. Este problema es similar a CVE-2018-8048 en Loofah. Todos los usuarios que ejecuten una distribución afectada deben actualizarla o utilizar una de las alternativas inmediatamente.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-12-28 CVE Reserved
2018-03-30 CVE Published
2024-02-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae	2023-01-30

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2018-3741	2019-02-07
https://bugzilla.redhat.com/show_bug.cgi?id=1568842	2019-02-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rubyonrails Search vendor "Rubyonrails"		Html Sanitizer Search vendor "Rubyonrails" for product "Html Sanitizer"				<= 1.0.3 Search vendor "Rubyonrails" for product "Html Sanitizer" and version " <= 1.0.3"		ruby		Affected