Sanitize 2.1.1 includes this fix, as per

rgrove/sanitize#176 (comment)
reedloden · Oct 18, 2018 · b07c486 · b07c486
1 parent 2807804
commit b07c486
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/gems/sanitize/CVE-2018-3740.yml b/gems/sanitize/CVE-2018-3740.yml
@@ -5,7 +5,7 @@ date: 2018-03-19
 url: https://github.com/rgrove/sanitize/issues/176
 title: HTML injection/XSS in Sanitize
 description: |
-  When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2,
+  When Sanitize gem is used in combination with libxml2 >= 2.9.2,
   a specially crafted HTML fragment can cause libxml2 to generate
   improperly escaped output, allowing non-whitelisted attributes to be
   used on whitelisted elements.
@@ -15,6 +15,7 @@ description: |
 unaffected_versions:
   - "< 1.1.0"
 patched_versions:
+  - "~> 2.1.1"
   - ">= 4.6.3"
 related:
   url: