USN-4543-1: Sanitize vulnerability
25 September 2020
Sanitize could be made to perform XSS attacks if it received specially crafted input.
- ruby-sanitize - allowlist-based HTML and CSS sanitizer
Michał Bentkowski discovered that Sanitize did not properly sanitize some
math or svg HTML under certain circumstances. A remote attacker could
potentially exploit this to conduct cross-site scripting (XSS) attacks.