Identifier

CVE-2020-4054

Package Slug

gem/sanitize

Vulnerability

Cross-site Scripting

Description

When HTML is sanitized with Sanitize using the 'relaxed' config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly.

Affected Versions

All versions from 3.0.0 up to, but not including, 5.2.1

Solution

Upgrade to version 5.2.1 or above.

Last Modified

2020-06-22
