High severity7.5NVD Advisory· Published Mar 30, 2018· Updated Jun 17, 2026
CVE-2018-3740
CVE-2018-3740
Description
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sanitizeRubyGems | >= 3.0.0, < 4.6.3 | 4.6.3 |
Affected products
2- Ryan Grove/sanitize (ruby gem)v5Range: < 4.6.3
Patches
Vulnerability mechanics
References
9- github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46envdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-7f42-p84j-f58pghsaADVISORY
- github.com/rgrove/sanitize/issues/176nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-3740ghsaADVISORY
- about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-releasedghsaWEB
- github.com/rgrove/sanitize/commit/93feeb38e21864146bb29191792b971dbe1ec62eghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/sanitize/CVE-2018-3740.ymlghsaWEB
- www.debian.org/security/2018/dsa-4358nvdWEB
- about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/nvd
News mentions
0No linked articles in our index yet.