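# Warns when the application is pinned to rails-html-sanitizer 1.0.2, the
# release this check associates with CVE-2015-7579 (cross-site scripting).
#
# The match is an exact version comparison, so only 1.0.2 is flagged; the
# message tells the user to move to 1.0.3.
# NOTE(review): the linked advisory should confirm that 1.0.2 is the only
# affected release before this comparison is ever widened.
#
# Confidence is :high when `uses_strip_tags?` is true and :medium otherwise
# (presumably that helper reports whether the app calls `strip_tags` - verify
# against its definition).
#
# Returns whatever `warn` returns when a warning is raised, nil otherwise.
def cve_2015_7579
  # Single literal on purpose: two adjacent string literals concatenate in
  # Ruby, producing a doubled name that matches no gem and silently disables
  # the check.
  # NOTE(review): passed as a Symbol on the assumption that the gem table is
  # keyed by symbol - confirm against tracker.config.
  gem_name = :'rails-html-sanitizer'

  return unless tracker.config.gem_version(gem_name) == '1.0.2'

  # Direct use of the affected helper makes exposure more likely; without it
  # the finding is still reported, at lower confidence.
  confidence = uses_strip_tags? ? :high : :medium

  message = msg(
    msg_version("1.0.2", "rails-html-sanitizer"),
    " is vulnerable (CVE-2015-7579). Upgrade to ",
    msg_version("1.0.3", "rails-html-sanitizer")
  )

  warn :warning_type => "Cross-Site Scripting",
    :warning_code => :CVE_2015_7579,
    :message => message,
    :confidence => confidence,
    :gem_info => gemfile_or_environment(gem_name),
    :link_path => "https://groups.google.com/d/msg/rubyonrails-security/OU9ugTZcbjc/PjEP46pbFQAJ"
end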