Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-an3h-1c9y-f3bp |
|---|
| Summary | Moderate severity vulnerability that affects rails-html-sanitizer
Withdrawn, accidental duplicate publish.
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class. |
|---|
| Aliases |
| 0 |
| alias |
GHSA-mrhj-2g4v-39qx |
|
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
| 0 |
| url |
pkg:gem/rails-html-sanitizer@1.0.2 |
| purl |
pkg:gem/rails-html-sanitizer@1.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2ece-9xu2-z7ea |
|
| 1 |
| vulnerability |
VCID-327c-vdne-j7ar |
|
| 2 |
| vulnerability |
VCID-6158-4ade-h7ba |
|
| 3 |
| vulnerability |
VCID-63em-3vdj-j3cu |
|
| 4 |
| vulnerability |
VCID-782b-usu3-bbhd |
|
| 5 |
| vulnerability |
VCID-an3h-1c9y-f3bp |
|
| 6 |
| vulnerability |
VCID-apxn-up79-x3ge |
|
| 7 |
| vulnerability |
VCID-cphr-tdzs-x7ar |
|
| 8 |
| vulnerability |
VCID-ete9-xwuw-puf8 |
|
| 9 |
| vulnerability |
VCID-nc6s-6usd-gkeb |
|
| 10 |
| vulnerability |
VCID-rhb1-h2b8-jucb |
|
| 11 |
| vulnerability |
VCID-rz3c-6h7r-6bam |
|
| 12 |
| vulnerability |
VCID-ueen-aybd-tqh2 |
|
| 13 |
| vulnerability |
VCID-ujza-s7ug-9fcp |
|
| 14 |
| vulnerability |
VCID-xby9-avva-a3e5 |
|
| 15 |
| vulnerability |
VCID-zcs7-hzze-u3a5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.0.2 |
|
|
|---|
| References |
|
|---|
| Weaknesses |
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 4.0 - 6.9 |
|---|
| Exploitability | 0.5 |
|---|
| Weighted_severity | 6.2 |
|---|
| Risk_score | 3.1 |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-an3h-1c9y-f3bp |
|---|