# File lib/brakeman/checks/check_sanitize_methods.rb, line 96
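  # Emits a Cross-Site Scripting warning saying that the rails-html-sanitizer
  # version reported by tracker.config is affected by +cve+.
  #
  # cve             - CVE identifier string; also used, with '-' replaced by
  #                   '_', as the warning code symbol.
  # link            - passed through unchanged as the warning's :link_path.
  # upgrade_version - version named in the "Upgrade to" part of the message.
  #
  # Confidence is :high when the scan found at least one target-less call to
  # +sanitize+, otherwise :medium.
  def warn_sanitizer_cve cve, link, upgrade_version
    # The gem name is written exactly once. Two adjacent string literals are
    # concatenated by Ruby into "rails-html-sanitizerrails-html-sanitizer",
    # which cannot match the real dependency, so the version and gem location
    # lookups would miss it.
    # NOTE(review): assumes both lookups accept a Symbol key - confirm.
    gem_name = :'rails-html-sanitizer'

    installed = msg_version(tracker.config.gem_version(gem_name), "rails-html-sanitizer")
    fixed = msg_version(upgrade_version, "rails-html-sanitizer")
    message = msg(installed, " is vulnerable ", msg_cve(cve), ". Upgrade to ", fixed)

    # A direct, target-less `sanitize` call means the affected helper is
    # actually used by the app, so the finding is reported with more certainty.
    uses_sanitize = tracker.find_call(:target => false, :method => :sanitize).any?
    confidence = uses_sanitize ? :high : :medium

    warn :warning_type => "Cross-Site Scripting",
      :warning_code => cve.tr('-', '_').to_sym,
      :message => message,
      :gem_info => gemfile_or_environment(gem_name),
      :confidence => confidence,
      :link_path => link
  end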