rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| rails-html-sanitizer(RubyGems) | 1.0.3 | 1.4.4 | N/A |
CVSS Metrics
