CVE-2022-23519

Source: NVD (web.nvd.nist.gov)
Published: 2022-12-14 17:15:11
CWE-79

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 44.1%

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allowing both "math" and "style" elements, or allowing both "svg" and "style" elements. Code is only impacted if the allowed tags are being overridden. This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" together with "style" should either upgrade or apply the following workaround immediately: remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.

Affected configurations

NVD nodes:
  rubyonrails rails_html_sanitizers  Range: < 1.4.4 (target software: rails)
  debian debian_linux                Match: 10.0

Vendor        Product                  Version  CPE
rubyonrails   rails_html_sanitizers    *        cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*
debian        debian_linux             10.0     cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
