Описание
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
An inefficient Regular Expression vulnerability was found in rubygem rails-html-sanitizer. Certain configurations are susceptible to excessive backtracking, leading to a denial of service through CPU resource consumption.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | ||
| Red Hat Satellite 6 | tfm-ror51-rubygem-rails-html-sanitizer | Out of support scope | ||
| Red Hat Satellite 6 | tfm-ror52-rubygem-rails-html-sanitizer | Out of support scope | ||
| Red Hat Satellite 6 | tfm-rubygem-rails-html-sanitizer | Affected | ||
| Red Hat Satellite 6.13 for RHEL 8 | rubygem-rails-html-sanitizer | Fixed | RHSA-2023:2097 | 03.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...
Inefficient Regular Expression Complexity in rails-html-sanitizer
Уязвимость реализации конфигурации инструмента очистки HTML для приложений Rails Rails Html Sanitizer, связанная с неэффективной сложностью регулярных выражений, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3