USN-4543-1: Sanitize vulnerability

25 September 2020

Sanitize could be made to perform XSS attacks if it received specially crafted input.

Releases

Packages

  • ruby-sanitize - allowlist-based HTML and CSS sanitizer

Details

MichaƂ Bentkowski discovered that Sanitize did not properly sanitize some
math or svg HTML under certain circumstances. A remote attacker could
potentially exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2020-4054)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

In general, a standard system update will make all the necessary changes.

References