version 1.3.0 XSS Vulnerability
kaspatel-mdsol opened this issue
Kashyap H Patel commented
Version 1.3.0 still has XSS vulnerabilities. Are there any plans to fix it?
Rafael Mendonça França commented
Which XSS vulnerabilities? Care to expand on that?
Andy Nicholson commented
@rafaelfranca bundle audit reports vulnerabilities for 1.3.0, perhaps erroneously?
I just hit this on my Rails 5.2 app:
Name: rails-html-sanitizer
Version: 1.3.0
Advisory: CVE-2015-7578
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Title: Possible XSS vulnerability in rails-html-sanitizer
Solution: upgrade to ~> 1.0.3
Name: rails-html-sanitizer
Version: 1.3.0
Advisory: CVE-2015-7580
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Title: Possible XSS vulnerability in rails-html-sanitizer
Solution: upgrade to ~> 1.0.3
Name: rails-html-sanitizer
Version: 1.3.0
Advisory: CVE-2015-7579
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/OU9ugTZcbjc
Title: XSS vulnerability in rails-html-sanitizer
Solution: upgrade to ~> 1.0.3
Vulnerabilities found!
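Added example (not from this thread or from bundler-audit itself) showing how a version-constraint check can produce the report above: the advisory entries and the `vulnerable?` rule are constructed here, and the assumption is that the scanner flags a gem whenever its version satisfies none of the advisory's `patched_versions` requirements, so the pessimistic "~> 1.0.3" (which means ">= 1.0.3, < 1.1") never admits 1.3.0.

```ruby
require "rubygems"

# Constructed advisory entries modelled on the fields a Ruby advisory database
# exposes (cve, patched_versions). The constraint is the one the report prints
# ("upgrade to ~> 1.0.3"); the open-ended ">= 1.0.3" form is what an advisory
# needs in order to stop matching every later release.
ADVISORIES = [
  { cve: "CVE-2015-7578", patched_versions: ["~> 1.0.3"] },
  { cve: "CVE-2015-7579", patched_versions: ["~> 1.0.3"] },
  { cve: "CVE-2015-7580", patched_versions: ["~> 1.0.3"] },
].freeze

# Assumed scanner rule: a version is reported as vulnerable unless it satisfies
# at least one unaffected_versions or patched_versions requirement.
def vulnerable?(version, advisory)
  v = Gem::Version.new(version)
  unaffected = Array(advisory[:unaffected_versions])
  patched    = Array(advisory[:patched_versions])
  return false if unaffected.any? { |req| Gem::Requirement.new(req).satisfied_by?(v) }

  patched.none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# CVE ids that would be reported for an installed gem version.
def flagged_cves(version, advisories = ADVISORIES)
  advisories.select { |a| vulnerable?(version, a) }.map { |a| a[:cve] }
end

# Rewrite pessimistic "~> x.y.z" constraints to open-ended ">= x.y.z" ones,
# which is the advisory-side correction that makes 1.3.0 pass.
def expand_pessimistic(advisories)
  advisories.map do |a|
    a.merge(patched_versions: a[:patched_versions].map { |r| r.sub(/\A~>/, ">=") })
  end
end

if __FILE__ == $0
  puts "1.0.2 under ~> 1.0.3 -> #{flagged_cves('1.0.2').inspect}"
  puts "1.0.3 under ~> 1.0.3 -> #{flagged_cves('1.0.3').inspect}"
  puts "1.3.0 under ~> 1.0.3 -> #{flagged_cves('1.3.0').inspect}"
  puts "1.3.0 under >= 1.0.3 -> #{flagged_cves('1.3.0', expand_pessimistic(ADVISORIES)).inspect}"
end
```

Running it shows 1.3.0 flagged for all three CVEs under the pessimistic constraint and clean once the constraint is open-ended, which is the behaviour to look for in the advisory data when a patched release is still reported.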
Rafael Mendonça França commented
Yes, that is an error on bundle audit.
Sean commented
I am still getting the same error.