cvelistv5 - cve-2018-3740

CVE-2018-3740 (GCVE-0-2018-3740)

Vulnerability from cvelistv5 – Published: 2018-03-30 19:00 – Updated: 2024-08-05 04:50

Summary

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

Severity ?

No CVSS data available.

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Assigner

hackerone

References

URL

Tags

	https://www.debian.org/security/2018/dsa-4358	vendor-advisoryx_refsource_DEBIAN
	https://github.com/rgrove/sanitize/issues/176	x_refsource_CONFIRM
	https://about.gitlab.com/2018/06/25/security-rele…	x_refsource_CONFIRM
	https://github.com/rgrove/sanitize/commit/01629a1…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Ryan Grove	sanitize (ruby gem)	Affected: < 4.6.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4358",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4358"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rgrove/sanitize/issues/176"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sanitize (ruby gem)",
          "vendor": "Ryan Grove",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.6.3"
            }
          ]
        }
      ],
      "datePublic": "2018-03-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-28T10:57:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "name": "DSA-4358",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4358"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rgrove/sanitize/issues/176"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2018-3740",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sanitize (ruby gem)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 4.6.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ryan Grove"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4358",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4358"
            },
            {
              "name": "https://github.com/rgrove/sanitize/issues/176",
              "refsource": "CONFIRM",
              "url": "https://github.com/rgrove/sanitize/issues/176"
            },
            {
              "name": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/",
              "refsource": "CONFIRM",
              "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
            },
            {
              "name": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e",
              "refsource": "CONFIRM",
              "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2018-3740",
    "datePublished": "2018-03-30T19:00:00",
    "dateReserved": "2017-12-28T00:00:00",
    "dateUpdated": "2024-08-05T04:50:30.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*\", \"versionEndIncluding\": \"4.6.0\", \"matchCriteriaId\": \"1F93BF3E-5C64-4376-9EE6-5638B5BCE8B8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.\"}, {\"lang\": \"es\", \"value\": \"Un fragmento HTML especialmente manipulado puede provocar que una gema Sanitize para Ruby permita que se utilicen atributos que no est\\u00e1n en una lista blanca en un elemento HTML que s\\u00ed est\\u00e1 en una lista blanca.\"}]",
      "id": "CVE-2018-3740",
      "lastModified": "2024-11-21T04:05:59.220",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-03-30T19:29:00.270",
      "references": "[{\"url\": \"https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/\", \"source\": \"support@hackerone.com\"}, {\"url\": \"https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rgrove/sanitize/issues/176\", \"source\": \"support@hackerone.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4358\", \"source\": \"support@hackerone.com\"}, {\"url\": \"https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rgrove/sanitize/issues/176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4358\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-3740\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2018-03-30T19:29:00.270\",\"lastModified\":\"2024-11-21T04:05:59.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.\"},{\"lang\":\"es\",\"value\":\"Un fragmento HTML especialmente manipulado puede provocar que una gema Sanitize para Ruby permita que se utilicen atributos que no est\u00e1n en una lista blanca en un elemento HTML que s\u00ed est\u00e1 en una lista blanca.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*\",\"versionEndIncluding\":\"4.6.0\",\"matchCriteriaId\":\"1F93BF3E-5C64-4376-9EE6-5638B5BCE8B8\"}]}]}],\"references\":[{\"url\":\"https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rgrove/sanitize/issues/176\",\"source\":\"support@hackerone.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4358\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rgrove/sanitize/issues/176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4358\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-7F42-P84J-F58P

Vulnerability from github – Published: 2018-03-21 11:56 – Updated: 2023-01-23 20:47

Summary

Sanitize vulnerable to Improper Input Validation and Cross-site Scripting

Details

When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements.

This can allow HTML and JavaScript injection, which could result in XSS if Sanitize's output is served to browsers.

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "sanitize"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "4.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-3740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:22:33Z",
    "nvd_published_at": "2018-03-30T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "When Sanitize \u003c= 4.6.2 is used in combination with libxml2 \u003e= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements.\n\nThis can allow HTML and JavaScript injection, which could result in XSS if Sanitize\u0027s output is served to browsers.",
  "id": "GHSA-7f42-p84j-f58p",
  "modified": "2023-01-23T20:47:11Z",
  "published": "2018-03-21T11:56:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3740"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rgrove/sanitize/issues/176"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rgrove/sanitize/commit/93feeb38e21864146bb29191792b971dbe1ec62e"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rgrove/sanitize"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sanitize/CVE-2018-3740.yml"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4358"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sanitize vulnerable to Improper Input Validation and Cross-site Scripting"
}

CNVD-2018-26968

Vulnerability from cnvd - Published: 2018-12-29

Title

Sanitize输入验证漏洞

Description

Sanitize（Ruby）是一款基于白名单的HTML和CSS清理程序。该程序能够删除字符串中不符合标准的HTML和CSS等。 Sanitize（Ruby）4.6.0及之前版本中存在输入验证漏洞。远程攻击者可借助特制的HTML片段利用该漏洞将未列入白名单的属性应用到被列入白名单的HTML元素上。

Severity

中

Patch Name

Sanitize输入验证漏洞的补丁

Patch Description

Sanitize（Ruby）是一款基于白名单的HTML和CSS清理程序。该程序能够删除字符串中不符合标准的HTML和CSS等。 Sanitize（Ruby）4.6.0及之前版本中存在输入验证漏洞。远程攻击者可借助特制的HTML片段利用该漏洞将未列入白名单的属性应用到被列入白名单的HTML元素上。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-3740

Impacted products

Name
Sanitize Sanitize <=4.6.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3740"
    }
  },
  "description": "Sanitize\uff08Ruby\uff09\u662f\u4e00\u6b3e\u57fa\u4e8e\u767d\u540d\u5355\u7684HTML\u548cCSS\u6e05\u7406\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u80fd\u591f\u5220\u9664\u5b57\u7b26\u4e32\u4e2d\u4e0d\u7b26\u5408\u6807\u51c6\u7684HTML\u548cCSS\u7b49\u3002\n\nSanitize\uff08Ruby\uff094.6.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTML\u7247\u6bb5\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u672a\u5217\u5165\u767d\u540d\u5355\u7684\u5c5e\u6027\u5e94\u7528\u5230\u88ab\u5217\u5165\u767d\u540d\u5355\u7684HTML\u5143\u7d20\u4e0a\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-26968",
  "openTime": "2018-12-29",
  "patchDescription": "Sanitize\uff08Ruby\uff09\u662f\u4e00\u6b3e\u57fa\u4e8e\u767d\u540d\u5355\u7684HTML\u548cCSS\u6e05\u7406\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u80fd\u591f\u5220\u9664\u5b57\u7b26\u4e32\u4e2d\u4e0d\u7b26\u5408\u6807\u51c6\u7684HTML\u548cCSS\u7b49\u3002\r\n\r\nSanitize\uff08Ruby\uff094.6.0\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684HTML\u7247\u6bb5\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u672a\u5217\u5165\u767d\u540d\u5355\u7684\u5c5e\u6027\u5e94\u7528\u5230\u88ab\u5217\u5165\u767d\u540d\u5355\u7684HTML\u5143\u7d20\u4e0a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sanitize\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Sanitize Sanitize \u003c=4.6.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-3740",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-29",
  "title": "Sanitize\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e"
}

FKIE_CVE-2018-3740

Vulnerability from fkie_nvd - Published: 2018-03-30 19:29 - Updated: 2024-11-21 04:05

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

References

URL	Tags
support@hackerone.com	https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
support@hackerone.com	https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e	Patch, Third Party Advisory
support@hackerone.com	https://github.com/rgrove/sanitize/issues/176	Issue Tracking, Third Party Advisory
support@hackerone.com	https://www.debian.org/security/2018/dsa-4358
af854a3a-2127-422b-91ae-364da2661108	https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rgrove/sanitize/issues/176	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4358

Impacted products

	Vendor	Product	Version
	sanitize_project	sanitize	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "1F93BF3E-5C64-4376-9EE6-5638B5BCE8B8",
              "versionEndIncluding": "4.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element."
    },
    {
      "lang": "es",
      "value": "Un fragmento HTML especialmente manipulado puede provocar que una gema Sanitize para Ruby permita que se utilicen atributos que no est\u00e1n en una lista blanca en un elemento HTML que s\u00ed est\u00e1 en una lista blanca."
    }
  ],
  "id": "CVE-2018-3740",
  "lastModified": "2024-11-21T04:05:59.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-30T19:29:00.270",
  "references": [
    {
      "source": "support@hackerone.com",
      "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rgrove/sanitize/issues/176"
    },
    {
      "source": "support@hackerone.com",
      "url": "https://www.debian.org/security/2018/dsa-4358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rgrove/sanitize/issues/176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4358"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-3740

Vulnerability from gsd - Updated: 2018-03-19 00:00

Details

When Sanitize gem is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS if Sanitize's output is served to browsers.

Aliases

CVE-2018-3740

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-3740",
    "description": "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.",
    "id": "GSD-2018-3740",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-3740.html",
      "https://www.debian.org/security/2018/dsa-4358",
      "https://security.archlinux.org/CVE-2018-3740"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "sanitize",
            "purl": "pkg:gem/sanitize"
          }
        }
      ],
      "aliases": [
        "CVE-2018-3740",
        "GHSA-7f42-p84j-f58p"
      ],
      "details": "When Sanitize gem is used in combination with libxml2 \u003e= 2.9.2,\na specially crafted HTML fragment can cause libxml2 to generate\nimproperly escaped output, allowing non-whitelisted attributes to be\nused on whitelisted elements.\n\nThis can allow HTML and JavaScript injection, which could result in XSS\nif Sanitize\u0027s output is served to browsers.\n",
      "id": "GSD-2018-3740",
      "modified": "2018-03-19T00:00:00.000Z",
      "published": "2018-03-19T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/rgrove/sanitize/issues/176"
        },
        {
          "type": "WEB",
          "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 7.5,
          "type": "CVSS_V3"
        }
      ],
      "summary": "HTML injection/XSS in Sanitize"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2018-3740",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "sanitize (ruby gem)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 4.6.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Ryan Grove"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (CWE-79)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-4358",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4358"
          },
          {
            "name": "https://github.com/rgrove/sanitize/issues/176",
            "refsource": "CONFIRM",
            "url": "https://github.com/rgrove/sanitize/issues/176"
          },
          {
            "name": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/",
            "refsource": "CONFIRM",
            "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
          },
          {
            "name": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e",
            "refsource": "CONFIRM",
            "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2018-3740",
      "cvss_v3": 7.5,
      "date": "2018-03-19",
      "description": "When Sanitize gem is used in combination with libxml2 \u003e= 2.9.2,\na specially crafted HTML fragment can cause libxml2 to generate\nimproperly escaped output, allowing non-whitelisted attributes to be\nused on whitelisted elements.\n\nThis can allow HTML and JavaScript injection, which could result in XSS\nif Sanitize\u0027s output is served to browsers.\n",
      "gem": "sanitize",
      "ghsa": "7f42-p84j-f58p",
      "patched_versions": [
        "~\u003e 2.1.1",
        "\u003e= 4.6.3"
      ],
      "related": {
        "url": [
          "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
        ]
      },
      "title": "HTML injection/XSS in Sanitize",
      "unaffected_versions": [
        "\u003c 1.1.0"
      ],
      "url": "https://github.com/rgrove/sanitize/issues/176"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=1.1.0 \u003c4.6.3",
          "affected_versions": "All versions starting from 1.1.0 before 4.6.3",
          "credit": "Shopify Application Security Team",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2018-12-28",
          "description": "When sanitize is used in combination with libxml2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing attributes that are not specified in the allowlist to be used. This can allow HTML and JavaScript injection, which could result in XSS if the output is served to browsers.",
          "fixed_versions": [
            "4.6.3"
          ],
          "identifier": "CVE-2018-3740",
          "identifiers": [
            "CVE-2018-3740"
          ],
          "not_impacted": "Prior to 1.1.0 or using libxml2 prior to 2.9.2",
          "package_slug": "gem/sanitize",
          "pubdate": "2018-03-30",
          "solution": "Upgrade to 4.6.3",
          "title": "HTML injection/XSS",
          "urls": [
            "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e",
            "https://github.com/rgrove/sanitize/issues/176"
          ],
          "uuid": "a6c2ee2e-6663-42cb-b49a-431f4ba14a01"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2018-3740"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rgrove/sanitize/issues/176",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/rgrove/sanitize/issues/176"
            },
            {
              "name": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"
            },
            {
              "name": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
            },
            {
              "name": "DSA-4358",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2018/dsa-4358"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-12-28T16:29Z",
      "publishedDate": "2018-03-30T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-3740 (GCVE-0-2018-3740)

GHSA-7F42-P84J-F58P

CNVD-2018-26968

FKIE_CVE-2018-3740

GSD-2018-3740

Tags

Sightings

Nomenclature