USN-4543-1: Sanitize vulnerability

25 September 2020

Sanitize could be made to perform XSS attacks if it received specially crafted input.



  • ruby-sanitize - allowlist-based HTML and CSS sanitizer


MichaƂ Bentkowski discovered that Sanitize did not properly sanitize some
math or svg HTML under certain circumstances. A remote attacker could
potentially exploit this to conduct cross-site scripting (XSS) attacks.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

In general, a standard system update will make all the necessary changes.