Vulnerabilites related to rubyonrails - rails_html_sanitizers
Vulnerability from fkie_nvd
Published
2022-12-14 17:15
Modified
2025-02-13 17:15
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://hackerone.com/reports/1656627 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1656627 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"matchCriteriaId": "CC2FBD9D-39C2-4D54-83B6-B3C334623A8D",
"versionEndExcluding": "1.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Antes de la versi\u00f3n 1.4.4, una posible vulnerabilidad XSS con ciertas configuraciones de Rails::Html::Sanitizer pod\u00eda permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\u00f3n hab\u00eda anulado las etiquetas permitidas del sanitizador de cualquiera de las siguientes maneras: permitir ambas \"math \" y \"syle\", o permitir elementos \"svg\" y \"style\". El c\u00f3digo solo se ve afectado si se anulan las etiquetas permitidas. . Este problema se solucion\u00f3 en la versi\u00f3n 1.4.4. Todos los usuarios que anulen las etiquetas permitidas para incluir \"math\" o \"svg\" y \"style\" deben actualizar o utilizar el siguiente workaround inmediatamente: eliminar \"style\" de las etiquetas permitidas anuladas, o eliminar \"math\" y \"svg\" de la etiquetas permitidas anuladas."
}
],
"id": "CVE-2022-23519",
"lastModified": "2025-02-13T17:15:37.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T17:15:11.067",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1656627"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1656627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-02 22:15
Modified
2025-08-15 18:53
Severity ?
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicitly allowed and the "svg" or "math" element is not allowed. This vulnerability is fixed in 1.6.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:1.6.0:*:*:*:*:rails:*:*",
"matchCriteriaId": "546282EA-EF7B-445D-9A46-8DBCC1B5C554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags where the \"style\" element is explicitly allowed and the \"svg\" or \"math\" element is not allowed. This vulnerability is fixed in 1.6.1."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de desinfectar fragmentos HTML en aplicaciones Rails. Existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer 1.6.0 cuando se utiliza con Rails \u0026gt;= 7.1.0. Una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer puede permitir que un atacante inyecte contenido si la sanitizaci\u00f3n HTML5 est\u00e1 habilitada y el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del desinfectante donde el elemento \"style\" est\u00e1 expl\u00edcitamente permitido y el elemento \"svg\" o \"math\" no est\u00e1 permitido. Esta vulnerabilidad se corrigi\u00f3 en 1.6.1."
}
],
"id": "CVE-2024-53987",
"lastModified": "2025-08-15T18:53:05.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-02T22:15:11.473",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-02 22:15
Modified
2025-08-15 18:51
Severity ?
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:1.6.0:*:*:*:*:rails:*:*",
"matchCriteriaId": "546282EA-EF7B-445D-9A46-8DBCC1B5C554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags where the \"math\", \"mtext\", \"table\", and \"style\" elements are allowed and either either \"mglyph\" or \"malignmark\" are allowed. This vulnerability is fixed in 1.6.1."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de desinfectar fragmentos HTML en aplicaciones Rails. Existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer 1.6.0 cuando se utiliza con Rails \u0026gt;= 7.1.0. Una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer puede permitir que un atacante inyecte contenido si la sanitizaci\u00f3n HTML5 est\u00e1 habilitada y el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del desinfectante donde se permiten los elementos \"math\", \"mtext\", \"table\" y \"style\" y se permiten \"mglyph\" o \"malignmark\". Esta vulnerabilidad se corrigi\u00f3 en 1.6.1."
}
],
"id": "CVE-2024-53988",
"lastModified": "2025-08-15T18:51:56.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-02T22:15:11.610",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 17:15
Modified
2024-11-21 06:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"matchCriteriaId": "CC2FBD9D-39C2-4D54-83B6-B3C334623A8D",
"versionEndExcluding": "1.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer \u003c 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Ciertas configuraciones de rails-html-sanitizer \u0026lt; 1.4.4 utilizan una expresi\u00f3n regular ineficiente que es susceptible a un retroceso excesivo al intentar sanitizar ciertos atributos SVG. Esto puede provocar una denegaci\u00f3n de servicio a trav\u00e9s del consumo de recursos de CPU. Este problema se ha corregido en la versi\u00f3n 1.4.4."
}
],
"id": "CVE-2022-23517",
"lastModified": "2024-11-21T06:48:43.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T17:15:10.130",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1684163"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1684163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-24 15:15
Modified
2024-11-21 07:05
Severity ?
Summary
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"matchCriteriaId": "2A94FBF3-C2F8-4479-88CA-864656B1E034",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user)."
},
{
"lang": "es",
"value": "# Una Posible vulnerabilidad XSS en Rails::Html::Sanitizer Se presenta una posible vulnerabilidad XSS con determinadas configuraciones de Rails::Html::Sanitizer. Esta vulnerabilidad le ha sido asignada el identificador CVE CVE-2022-32209. Versiones afectadas: TODAS No se han visto afectadas: NONE Versiones Corregidas: v1.4.3## Impacto Una posible vulnerabilidad de tipo XSS con determinadas configuraciones de Rails::Html::Sanitizer puede permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del saneador para permitir tanto los elementos \"select\" como \"style\". El c\u00f3digo s\u00f3lo est\u00e1 afectado si son anuladas las etiquetas permitidas. Esto puede hacerse por medio de la configuraci\u00f3n de la aplicaci\u00f3n: \"\"ruby# En config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]\"\" vea https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr puede hacerse con una opci\u00f3n \":tags\" al ayudante de la Visualizaci\u00f3n de Acci\u00f3n \"sanitize\":\"\"(%= sanitize @comment.body, tags: [\"select\", \"style\"] %)\"\" vea https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr puede hacerse con Rails::Html::SafeListSanitizer directamente:\" ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]\"\"\"o\"\"\"ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article. body, tags: [\"select\", \"style\"])\"\"\"Todos los usuarios que sobrescriban las etiquetas permitidas por cualquiera de los mecanismos anteriores para incluir tanto \"select\" como \"style\" deben actualizar o usar una de las mitigaciones inmediatamente. ## Versiones Las versiones CORREGIDAS est\u00e1n disponibles en las ubicaciones habituales. ## Soluciones Eliminar \"select\" o \"style\" de las etiquetas permitidas sobre establecidas. ## Cr\u00e9ditos Esta vulnerabilidad fue reportada responsablemente por [windshock](https://hackerone.com/windshock?type=user)"
}
],
"id": "CVE-2022-32209",
"lastModified": "2024-11-21T07:05:55.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:11.153",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1530898"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1530898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-02 22:15
Modified
2025-08-15 19:41
Severity ?
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both both "svg" and "style" elements. This vulnerability is fixed in 1.6.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:1.6.0:*:*:*:*:rails:*:*",
"matchCriteriaId": "546282EA-EF7B-445D-9A46-8DBCC1B5C554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0 and Nokogiri \u003c 1.15.7, or 1.16.x \u003c 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags with both \"math\" and \"style\" elements or both both \"svg\" and \"style\" elements. This vulnerability is fixed in 1.6.1."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de desinfectar fragmentos HTML en aplicaciones Rails. Existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer 1.6.0 cuando se utiliza con Rails \u0026gt;= 7.1.0 y Nokogiri \u0026lt; 1.15.7, o 1.16.x \u0026lt; 1.16.8. La vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer puede permitir que un atacante inyecte contenido si la sanitizaci\u00f3n HTML5 est\u00e1 habilitada y el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del desinfectante con elementos \"math\" y \"style\" o ambos elementos \"svg\" y \"style\". Esta vulnerabilidad se corrigi\u00f3 en 1.6.1."
}
],
"id": "CVE-2024-53985",
"lastModified": "2025-08-15T19:41:49.843",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-02T22:15:11.197",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-02 21:15
Modified
2025-08-15 19:41
Severity ?
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the "noscript" element. This vulnerability is fixed in 1.6.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:1.6.0:*:*:*:*:rails:*:*",
"matchCriteriaId": "546282EA-EF7B-445D-9A46-8DBCC1B5C554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags for the the \"noscript\" element. This vulnerability is fixed in 1.6.1."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de desinfectar fragmentos HTML en aplicaciones Rails. Existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer 1.6.0 cuando se utiliza con Rails \u0026gt;= 7.1.0. Una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer puede permitir que un atacante inyecte contenido si la sanitizaci\u00f3n HTML5 est\u00e1 habilitada y el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del desinfectante para el elemento \"noscript\". Esta vulnerabilidad se corrigi\u00f3 en 1.6.1."
}
],
"id": "CVE-2024-53989",
"lastModified": "2025-08-15T19:41:58.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-02T21:15:11.433",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 18:15
Modified
2025-02-13 17:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://hackerone.com/reports/1654310 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1654310 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | * | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"matchCriteriaId": "CC2FBD9D-39C2-4D54-83B6-B3C334623A8D",
"versionEndExcluding": "1.4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Antes de la versi\u00f3n 1.4.4, existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::Html::Sanitizer debido a una soluci\u00f3n incompleta de CVE-2022-32209. Rails::Html::Sanitizer puede permitir que un atacante inyecte contenido si el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del sanitizador para permitir elementos de \"select\" y \"style\". El c\u00f3digo solo se ve afectado si se anulan las etiquetas permitidas. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.4. Todos los usuarios que anulen las etiquetas permitidas para incluir \"select\" y \"style\" deben actualizar o utilizar el workaround: eliminar \"select\" o \"style\" de las etiquetas permitidas anuladas. NOTA: El c\u00f3digo _no_ se ve afectado si las etiquetas permitidas se anulan usando la opci\u00f3n :tags para el m\u00e9todo auxiliar sanitizador de Action View o la opci\u00f3n :tags para el m\u00e9todo de instancia SafeListSanitizer#sanitize."
}
],
"id": "CVE-2022-23520",
"lastModified": "2025-02-13T17:15:38.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T18:15:17.560",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1654310"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1654310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-02 22:15
Modified
2025-08-15 18:54
Severity ?
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:1.6.0:*:*:*:*:rails:*:*",
"matchCriteriaId": "546282EA-EF7B-445D-9A46-8DBCC1B5C554",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags where the \"math\" and \"style\" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de desinfectar fragmentos HTML en aplicaciones Rails. Existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer 1.6.0 cuando se utiliza con Rails \u0026gt;= 7.1.0. Una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer puede permitir que un atacante inyecte contenido si la sanitizaci\u00f3n HTML5 est\u00e1 habilitada y el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del desinfectante donde los elementos \"math\" y \"style\" est\u00e1n expl\u00edcitamente permitidos. Esta vulnerabilidad se corrigi\u00f3 en 1.6.1."
}
],
"id": "CVE-2024-53986",
"lastModified": "2025-08-15T18:54:58.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-12-02T22:15:11.343",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-14 17:15
Modified
2024-11-21 06:48
Severity ?
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | * | |
| debian | debian_linux | 10.0 | |
| loofah_project | loofah | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"matchCriteriaId": "B07277FF-73C7-4F2C-8515-8927193955B2",
"versionEndExcluding": "1.4.4",
"versionStartIncluding": "1.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:loofah_project:loofah:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "68F8B0CB-F78F-410C-942F-7FA80481474D",
"versionEndExcluding": "2.19.1",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions \u003e= 1.0.3, \u003c 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah \u003e= 2.1.0. This issue is patched in version 1.4.4."
},
{
"lang": "es",
"value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Las versiones \u0026gt;= 1.0.3, \u0026lt; 1.4.4 son vulnerables a Cross-Site Scripting (XSS) a trav\u00e9s de URI de datos cuando se usan en combinaci\u00f3n con Loofah \u0026gt;= 2.1.0. Este problema est\u00e1 parcheado en la versi\u00f3n 1.4.4."
}
],
"id": "CVE-2022-23518",
"lastModified": "2024-11-21T06:48:43.957",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T17:15:10.713",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/issues/135"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m"
},
{
"source": "security-advisories@github.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1694173"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/issues/135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1694173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
CVE-2022-23518 (GCVE-0-2022-23518)
Vulnerability from cvelistv5
Published
2022-12-14 16:22
Modified
2025-02-13 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: >= 1.0.3, < 1.4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/issues/135",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rails/rails-html-sanitizer/issues/135"
},
{
"name": "https://hackerone.com/reports/1694173",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1694173"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.3, \u003c 1.4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions \u003e= 1.0.3, \u003c 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah \u003e= 2.1.0. This issue is patched in version 1.4.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:06:20.153Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/issues/135",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails-html-sanitizer/issues/135"
},
{
"name": "https://hackerone.com/reports/1694173",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1694173"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"source": {
"advisory": "GHSA-mcvf-2q2m-x72m",
"discovery": "UNKNOWN"
},
"title": "Improper neutralization of data URIs allows XSS in rails-html-sanitizer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23518",
"datePublished": "2022-12-14T16:22:34.460Z",
"dateReserved": "2022-01-19T21:23:53.779Z",
"dateUpdated": "2025-02-13T16:32:17.595Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53985 (GCVE-0-2024-53985)
Vulnerability from cvelistv5
Published
2024-12-02 21:15
Modified
2024-12-11 16:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both both "svg" and "style" elements. This vulnerability is fixed in 1.6.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: >= 1.6.0, < 1.6.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53985",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T16:47:47.095368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T16:47:59.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0 and Nokogiri \u003c 1.15.7, or 1.16.x \u003c 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags with both \"math\" and \"style\" elements or both both \"svg\" and \"style\" elements. This vulnerability is fixed in 1.6.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:50:15.526Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505"
}
],
"source": {
"advisory": "GHSA-w8gc-x259-rc7x",
"discovery": "UNKNOWN"
},
"title": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53985",
"datePublished": "2024-12-02T21:15:57.620Z",
"dateReserved": "2024-11-25T23:14:36.380Z",
"dateUpdated": "2024-12-11T16:47:59.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23520 (GCVE-0-2022-23520)
Vulnerability from cvelistv5
Published
2022-12-14 17:07
Modified
2025-02-13 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: < 1.4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8"
},
{
"name": "https://hackerone.com/reports/1654310",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1654310"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:06:16.967Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8"
},
{
"name": "https://hackerone.com/reports/1654310",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1654310"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"source": {
"advisory": "GHSA-rrfc-7g8p-99q8",
"discovery": "UNKNOWN"
},
"title": "rails-html-sanitizer contains an incomplete fix for an XSS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23520",
"datePublished": "2022-12-14T17:07:31.954Z",
"dateReserved": "2022-01-19T21:23:53.780Z",
"dateUpdated": "2025-02-13T16:32:18.705Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53987 (GCVE-0-2024-53987)
Vulnerability from cvelistv5
Published
2024-12-02 21:15
Modified
2024-12-03 14:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicitly allowed and the "svg" or "math" element is not allowed. This vulnerability is fixed in 1.6.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: >= 1.6.0, < 1.6.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:33:13.990311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:33:22.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags where the \"style\" element is explicitly allowed and the \"svg\" or \"math\" element is not allowed. This vulnerability is fixed in 1.6.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:50:05.064Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e"
}
],
"source": {
"advisory": "GHSA-2x5m-9ch4-qgrr",
"discovery": "UNKNOWN"
},
"title": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53987",
"datePublished": "2024-12-02T21:15:48.975Z",
"dateReserved": "2024-11-25T23:14:36.380Z",
"dateUpdated": "2024-12-03T14:33:22.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53989 (GCVE-0-2024-53989)
Vulnerability from cvelistv5
Published
2024-12-02 21:07
Modified
2024-12-03 14:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the "noscript" element. This vulnerability is fixed in 1.6.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: >= 1.6.0, < 1.6.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:35:22.159547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:35:25.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags for the the \"noscript\" element. This vulnerability is fixed in 1.6.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:49:42.557Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f"
}
],
"source": {
"advisory": "GHSA-rxv5-gxqc-xx8g",
"discovery": "UNKNOWN"
},
"title": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53989",
"datePublished": "2024-12-02T21:07:04.296Z",
"dateReserved": "2024-11-25T23:14:36.381Z",
"dateUpdated": "2024-12-03T14:35:25.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53986 (GCVE-0-2024-53986)
Vulnerability from cvelistv5
Published
2024-12-02 21:13
Modified
2024-12-03 14:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: >= 1.6.0, < 1.6.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:33:42.695853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:33:51.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags where the \"math\" and \"style\" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:50:27.034Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e"
}
],
"source": {
"advisory": "GHSA-638j-pmjw-jq48",
"discovery": "UNKNOWN"
},
"title": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53986",
"datePublished": "2024-12-02T21:13:01.441Z",
"dateReserved": "2024-11-25T23:14:36.380Z",
"dateUpdated": "2024-12-03T14:33:51.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23519 (GCVE-0-2022-23519)
Vulnerability from cvelistv5
Published
2022-12-14 16:50
Modified
2025-02-13 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: < 1.4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
},
{
"name": "https://hackerone.com/reports/1656627",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1656627"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:06:15.408Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
},
{
"name": "https://hackerone.com/reports/1656627",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1656627"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"source": {
"advisory": "GHSA-9h9g-93gc-623h",
"discovery": "UNKNOWN"
},
"title": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23519",
"datePublished": "2022-12-14T16:50:14.949Z",
"dateReserved": "2022-01-19T21:23:53.779Z",
"dateUpdated": "2025-02-13T16:32:18.150Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32209 (GCVE-0-2022-32209)
Vulnerability from cvelistv5
Published
2022-06-24 00:00
Modified
2024-08-03 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS) - Generic ()
Summary
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/rails/rails-html-sanitizer |
Version: v1.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1530898"
},
{
"name": "FEDORA-2022-ce4719993c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"name": "FEDORA-2022-974fffb418",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
},
{
"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3227-1] ruby-rails-html-sanitizer security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rails/rails-html-sanitizer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Generic (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-06T00:00:00",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1530898"
},
{
"name": "FEDORA-2022-ce4719993c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"name": "FEDORA-2022-974fffb418",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
},
{
"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3227-1] ruby-rails-html-sanitizer security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32209",
"datePublished": "2022-06-24T00:00:00",
"dateReserved": "2022-06-01T00:00:00",
"dateUpdated": "2024-08-03T07:32:56.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53988 (GCVE-0-2024-53988)
Vulnerability from cvelistv5
Published
2024-12-02 21:09
Modified
2024-12-03 14:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: >= 1.6.0, < 1.6.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T14:34:13.985525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:34:23.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags where the \"math\", \"mtext\", \"table\", and \"style\" elements are allowed and either either \"mglyph\" or \"malignmark\" are allowed. This vulnerability is fixed in 1.6.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T21:49:54.055Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72"
}
],
"source": {
"advisory": "GHSA-cfjx-w229-hgx5",
"discovery": "UNKNOWN"
},
"title": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53988",
"datePublished": "2024-12-02T21:09:56.440Z",
"dateReserved": "2024-11-25T23:14:36.381Z",
"dateUpdated": "2024-12-03T14:34:23.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23517 (GCVE-0-2022-23517)
Vulnerability from cvelistv5
Published
2022-12-14 16:10
Modified
2025-02-13 16:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rails | rails-html-sanitizer |
Version: < 1.4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979"
},
{
"name": "https://hackerone.com/reports/1684163",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1684163"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T17:07:58.712366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T20:06:05.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rails-html-sanitizer",
"vendor": "rails",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer \u003c 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:06:18.564Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w"
},
{
"name": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979"
},
{
"name": "https://hackerone.com/reports/1684163",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1684163"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
}
],
"source": {
"advisory": "GHSA-5x79-w82f-gw8w",
"discovery": "UNKNOWN"
},
"title": "Inefficient Regular Expression Complexity in rails-html-sanitizer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23517",
"datePublished": "2022-12-14T16:10:22.304Z",
"dateReserved": "2022-01-19T21:23:53.778Z",
"dateUpdated": "2025-02-13T16:32:17.030Z",
"requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}