Lucene search

CVE-2022-23517 Inefficient Regular Expression Complexity in rails-html-sanitizer

🗓️ 14 Dec 2022 16:22:10Reported by GitHub_MType

rails-html-sanitizer CVE-2022-23517 patch 1.4.

Reporter	Title	Published	Views	Family All 31
Vulnrichment	CVE-2022-23517 Inefficient Regular Expression Complexity in rails-html-sanitizer	14 Dec 202216:10	–	vulnrichment
OSV	Inefficient Regular Expression Complexity in rails-html-sanitizer	13 Dec 202217:43	–	osv
OSV	CVE-2022-23517	14 Dec 202217:15	–	osv
OSV	ruby-rails-html-sanitizer - security update	13 Sep 202300:00	–	osv
OSV	OPENSUSE-SU-2024:12769-1 ruby3.1-rubygem-rails-html-sanitizer-1.5.0-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	DLA-3902-1 ruby-rails-html-sanitizer - security update	28 Sep 202400:00	–	osv
OSV	OPENSUSE-SU-2024:14175-1 ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5 on GA media	12 Jul 202400:00	–	osv
OSV	RHSA-2023:2097 Red Hat Security Advisory: Satellite 6.13 Release	30 Sep 202416:32	–	osv
Github Security Blog	Inefficient Regular Expression Complexity in rails-html-sanitizer	13 Dec 202217:43	–	github
UbuntuCve	CVE-2022-23517	14 Dec 202200:00	–	ubuntucve

[
  {
    "vendor": "rails",
    "product": "rails-html-sanitizer",
    "versions": [
      {
        "version": "< 1.4.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
lists	www.lists.debian.org/debian-lts-announce/2023/09/msg00012.html
hackerone	www.hackerone.com/reports/1684163
github	www.github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Dec 2022 16:10Current

7.5High risk

Vulners AI Score7.5

CVSS37.5

EPSS0.00147

CWE-1333