Description
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
A Cross-site scripting vulnerability was found in rails-html-sanitizer. When used in combination with Loofah since version 2.1.0, improper neutralization of data URIs may allow Cross-site scripting.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | ||
Red Hat Satellite 6 | satellite:el8/rubygem-rails-html-sanitizer | Affected | ||
Red Hat Satellite 6 | tfm-ror51-rubygem-rails-html-sanitizer | Out of support scope | ||
Red Hat Satellite 6 | tfm-ror52-rubygem-rails-html-sanitizer | Out of support scope | ||
Red Hat Satellite 6.13 for RHEL 8 | rubygem-rails-html-sanitizer | Fixed | RHSA-2023:2097 | 03.05.2023 |
Additional information
Status:
6.1 Medium
CVSS3
Related vulnerabilities
rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
A vulnerability in the configuration implementation of Rails Html Sanitizer, an HTML sanitization tool for Rails applications, related to improper neutralization of input during web page generation, which allows an attacker to conduct cross-site scripting attacks
6.1 Medium
CVSS3