
Merbinro

#32001 of 53,608
7.8 Total CVSS
Vulnerabilities · 1
PT-2023-5396
7.8
2023-06-06
Redcloth · Redcloth · CVE-2023-31606
**Name of the Vulnerable Software and Affected Versions**

RedCloth gem version 4.0.0

**Description**

A Regular Expression Denial of Service (ReDoS) issue was discovered in the `sanitize html` function. This issue allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload. The vulnerability is related to the use of a regular expression with inefficient computational complexity, which can be exploited by a remote attacker to cause a service disruption.

**Recommendations**

For RedCloth gem version 4.0.0, consider disabling the `sanitize html` function until a patch is available to prevent potential Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.