Lucene search

DebianDEBIAN:DLA-3566-1:49D42

HistorySep 13, 2023 - 3:09 p.m.

[SECURITY] [DLA 3566-1] ruby-rails-html-sanitizer security update

2023-09-1315:09:12

lists.debian.org

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

39.6%

JSON

Debian LTS Advisory DLA-3566-1 [email protected]
https://www.debian.org/lts/security/ Sylvain Beucler
September 13, 2023 https://wiki.debian.org/LTS

Package : ruby-rails-html-sanitizer
Version : 1.0.4-1+deb10u2
CVE ID : CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520
Debian Bug : 1027153

Multiple vulnerabilities were discovered in Rails HTML Sanitizers, an
HTML sanitization library for Ruby on Rails applications. An attacker
could launch cross-site scripting (XSS) and denial-of-service (DoS)
attacks through crafted HTML/XML documents.

CVE-2022-23517

Certain configurations use an inefficient regular expression that
is susceptible to excessive backtracking when attempting to
sanitize certain SVG attributes. This may lead to a denial of
service through CPU resource consumption.

CVE-2022-23518

Cross-site scripting via data URIs when used in combination with
Loofah &gt;= 2.1.0.

CVE-2022-23519

XSS vulnerability with certain configurations of
Rails::Html::Sanitizer may allow an attacker to inject content if
the application developer has overridden the sanitizer&#x27;s allowed
tags in either of the following ways: allow both &quot;math&quot; and
&quot;style&quot; elements, or allow both &quot;svg&quot; and &quot;style&quot; elements.

CVE-2022-23520

XSS vulnerability with certain configurations of
Rails::Html::Sanitizer due to an incomplete fix of
CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to
inject content if the application developer has overridden the
sanitizer&#x27;s allowed tags to allow both &quot;select&quot; and &quot;style&quot;
elements.

For Debian 10 buster, these problems have been fixed in version
1.0.4-1+deb10u2.

We recommend that you upgrade your ruby-rails-html-sanitizer packages.

For the detailed security status of ruby-rails-html-sanitizer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rails-html-sanitizer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10allruby-rails-html-sanitizer< 1.0.4-1+deb10u2ruby-rails-html-sanitizer_1.0.4-1+deb10u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	ruby-rails-html-sanitizer	< 1.0.4-1+deb10u2	ruby-rails-html-sanitizer_1.0.4-1+deb10u2_all.deb

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

39.6%

JSON

Related for DEBIAN:DLA-3566-1:49D42