{"id":"CVE-2018-3740","details":"A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.","aliases":["GHSA-7f42-p84j-f58p"],"modified":"2025-11-14T08:49:57.224575Z","published":"2018-03-30T19:29:00.270Z","references":[{"type":"WEB","url":"https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"},{"type":"FIX","url":"https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e"},{"type":"REPORT","url":"https://github.com/rgrove/sanitize/issues/176"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4358"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rgrove/sanitize","events":[{"introduced":"0"},{"fixed":"01629a162e448a83d901456d0ba8b65f3b03d46e"}]}],"versions":["release-1.0.0","release-1.0.1","release-1.0.2","release-1.0.3","release-1.0.4","release-1.0.5","release-1.0.6","release-1.0.7","release-1.0.8","release-1.1.0","release-1.2.0","release-1.2.1","release-2.0.0","release-2.0.1","release-2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.1.0","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.1.0","v3.1.1","v3.1.2","v4.0.0","v4.0.1","v4.1.0","v4.2.0","v4.3.0","v4.4.0","v4.5.0","v4.6.0","v4.6.1","v4.6.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-3740.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}