Summary
rails-html-sanitizer >= 1.0.3, < 1.4.4 is vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0.
Mitigation
Upgrade to rails-html-sanitizer >= 1.4.4.
Severity
The maintainers have evaluated this as Medium Severity 6.1.
References
Credit
This vulnerability was independently reported by Maciej Piechota (@haqpl) and Mrinmoy Das (@goromlagche).
Summary
rails-html-sanitizer
>= 1.0.3, < 1.4.4is vulnerable to cross-site scripting via data URIs when used in combination with Loofah>= 2.1.0.Mitigation
Upgrade to rails-html-sanitizer
>= 1.4.4.Severity
The maintainers have evaluated this as Medium Severity 6.1.
References
Credit
This vulnerability was independently reported by Maciej Piechota (@haqpl) and Mrinmoy Das (@goromlagche).