Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-23520

Опубликовано: 14 дек. 2022
Источник: debian
EPSS Низкий

Описание

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby-rails-html-sanitizerfixed1.4.4-1package

Примечания

  • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

  • https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md

  • https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d (v1.4.4)

  • https://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082 (v1.4.4)

  • https://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c (v1.5.0)

  • https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0)

  • Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1.

EPSS

Процентиль: 60%
0.00392
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-23520

CVSS3: 6.1
ubuntu
около 3 лет назад

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.

redhat логотип

CVE-2022-23520

CVSS3: 6.1
redhat
около 3 лет назад

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.

nvd логотип

CVE-2022-23520

CVSS3: 6.1
nvd
около 3 лет назад

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.

github логотип

GHSA-rrfc-7g8p-99q8

CVSS3: 6.1
github
около 3 лет назад

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

suse-cvrf логотип

SUSE-SU-2023:3714-1

suse-cvrf
больше 2 лет назад

Security update for rubygem-rails-html-sanitizer

EPSS

Процентиль: 60%
0.00392
Низкий