Michał Bentkowski discovered that Sanitize did not properly sanitize some math or svg HTML under certain circumstances. A remote attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2020-4054)
{ "availability": "No subscription needed", "binaries": [ { "ruby-sanitize": "4.6.6-2.1~0.20.04.1" } ] }