CVE-2020-4054, GHSA-p4x4-rw2p-8j8m
gem/sanitize
Cross-site Scripting
In Sanitize (RubyGem sanitize) there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's relaxed config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist.
All versions starting from 3.0.0 and before 5.2.1
Upgrade to version 5.2.1 or above.
2020-06-22
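A way to check a project against the affected range above, as an added example that is not part of the advisory or of Sanitize itself: it reads the resolved sanitize version out of a Gemfile.lock and tests it against "from 3.0.0, before 5.2.1". The lockfile text, the gem name example-renderer and the helper names are constructed for illustration.

```ruby
require "rubygems"

# Range stated in the advisory: starting from 3.0.0, before 5.2.1.
AFFECTED = Gem::Requirement.new(">= 3.0.0", "< 5.2.1")

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crass (1.0.6)
      example-renderer (0.1.0)
        sanitize (>= 4.0)
      sanitize (5.2.0)
        crass (~> 1.0.2)

  DEPENDENCIES
    example-renderer
LOCK

# Resolved gems are the four-space-indented "name (version)" lines under
# "specs:". Six-space lines are dependency constraints such as
# "sanitize (>= 4.0)" and must not be mistaken for the installed version.
def locked_versions(lockfile_text, gem_name)
  pattern = /^ {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)$/
  lockfile_text.scan(pattern).map do |(version)|
    # Drop a platform suffix such as "-x86_64-linux" if one is present.
    Gem::Version.new(version.split("-").first)
  end
end

# Returns the locked sanitize versions that fall inside the affected range.
def affected_sanitize_versions(lockfile_text)
  locked_versions(lockfile_text, "sanitize").select { |v| AFFECTED.satisfied_by?(v) }
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  hits = affected_sanitize_versions(text)
  if hits.empty?
    puts "sanitize: no locked version in the affected range"
  else
    puts "sanitize #{hits.join(', ')}: affected, upgrade to 5.2.1 or above"
  end
end
```

A version inside the range means the upgrade applies; whether a given application is exposed also depends on it using the relaxed config or a custom config of the kind the advisory describes.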