VYPR
High severity7.5NVD Advisory· Published Mar 30, 2018· Updated Jun 17, 2026

CVE-2018-3740

CVE-2018-3740

Description

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
sanitizeRubyGems
>= 3.0.0, < 4.6.34.6.3

Affected products

2
  • ghsa-coords
    Range: >= 3.0.0, < 4.6.3
  • Ryan Grove/sanitize (ruby gem)v5
    Range: < 4.6.3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.