Drieam / LtiLauncher

An extraction layer to simplify the setup and launching of LTI tools.
https://drieam.github.io/LtiLauncher/
MIT License

rails-html-sanitizer 1.4.2 is vulnerable to cross-site scripting when `select` and `style` tags are allowed (CVE-2022-32209). Upgrade to 1.4.3 or newer #61

Closed DrieamBot closed 6 months ago

DrieamBot commented 2 years ago

Brakeman found "rails-html-sanitizer 1.4.2 is vulnerable to cross-site scripting when `select` and `style` tags are allowed (CVE-2022-32209). Upgrade to 1.4.3 or newer" with Weak confidence in the code:

  null

Which corresponds to:

https://github.com/Drieam/LtiLauncher/blob/100d7d1351306ccb7d810088bb951df6fe6ec762/Gemfile.lock#L203

The fingerprint (b2b8818e646bf1c277a27eae9a0e98766968d4d38e3b2e1e59b0fe1fa37218dc) is used to identify this issue so please don't remove this :warning: