There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SP4 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.2 SUSE Manager Server 4.3 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9