rails/rails-html-sanitizer

XSS vulnerability v1.2.0

likeuwill opened this issue · 2 comments

bundle audit check --update

+ bundle audit check --update
Updating ruby-advisory-db ...
Skipping update
ruby-advisory-db: 287 advisories
Name: rails-html-sanitizer
Version: 1.2.0
Advisory: CVE-2015-7578
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Title: Possible XSS vulnerability in rails-html-sanitizer
Solution: upgrade to ~> 1.0.3

Name: rails-html-sanitizer
Version: 1.2.0
Advisory: CVE-2015-7579
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/OU9ugTZcbjc
Title: XSS vulnerability in rails-html-sanitizer
Solution: upgrade to ~> 1.0.3

Name: rails-html-sanitizer
Version: 1.2.0
Advisory: CVE-2015-7580
Criticality: Unknown
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/uh--W4TDwmI
Title: Possible XSS vulnerability in rails-html-sanitizer
Solution: upgrade to ~> 1.0.3

Vulnerabilities found!

This is not an issue on this repository. Report it to bundle audit.

I had the same issue today on the latest version.
The thread on bundle-audit can be found here: rubysec/bundler-audit#220

bundle exec bundle-audit --update

will update ruby-advisory-db and fix the problem
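
The scan output in this thread lists the solution as `~> 1.0.3` for an installed 1.2.0. The sketch below is an added example, not part of the thread and not bundler-audit's own code: it models a patched-version check with RubyGems requirement semantics to show why that constraint flags 1.2.0. The widened `>= 1.0.3` constraint and the helper names `flagged?` and `report` are assumptions made for comparison.

```ruby
require "rubygems"

# Constraint printed as "Solution" in the scan output above.
STALE_PATCHED = ["~> 1.0.3"].freeze
# Hypothetical widened constraint, assumed here for comparison only.
WIDENED_PATCHED = [">= 1.0.3"].freeze

# Constructed sample versions around the patch boundary.
VERSIONS = %w[1.0.2 1.0.3 1.0.4 1.2.0].freeze

# Simplified model: a version is reported when it satisfies none of the
# advisory's patched-version constraints.
def flagged?(version, patched)
  v = Gem::Version.new(version)
  patched.none? { |c| Gem::Requirement.new(c).satisfied_by?(v) }
end

# Map each version to :flagged or :ok for one set of constraints.
def report(versions, patched)
  versions.map { |v| [v, flagged?(v, patched) ? :flagged : :ok] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  # "~> 1.0.3" means ">= 1.0.3, < 1.1", so 1.2.0 falls outside it even
  # though it is newer than the patched release.
  puts "stale   #{report(VERSIONS, STALE_PATCHED)}"
  puts "widened #{report(VERSIONS, WIDENED_PATCHED)}"
end
```

When a scan reports a version newer than the listed solution, comparing the installed version against the printed constraint this way helps separate a stale advisory entry from a real regression.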