Ubuntu Security Notice 4543-1 - Michał Bentkowski discovered that Sanitize did not properly sanitize some math or svg HTML under certain circumstances. A remote attacker could potentially exploit this to conduct cross-site scripting attacks.
f1ead2388e6d83f5478a5993f2cf6dac7612668cdf51da8b4a35267b82aa59e9
Debian Linux Security Advisory 4730-1 - Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML sanitization bypass vulnerability when using the "relaxed" config or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly even if math and svg are not in the allowlist.
841aefd63808ad7adc10707677debc3dc7eae1c4b7ed749e71ba9b880b422a23