A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
Gitlab bundles this dep: The sanitize gem is updated to version 4.6.4 due to versions < 4.6.3 being affected by CVE-2018-3740.