CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
A vulnerability in the configuration implementation of the HTML cleanup tool for Rails applications (Rails Html Sanitizer)
is related to content injection if the application developer overrides the allowed tags to include both "math" and
"style", or both "svg" and "style". Exploitation of the vulnerability could allow an attacker acting remotely
to conduct cross-site scripting attacks.
A vulnerability in the configuration implementation of the HTML cleanup tool for Rails applications (Rails Html Sanitizer)
is related to excessive backtracking when attempting to clean up certain SVG attributes.
Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
A vulnerability in the configuration implementation of the HTML cleanup tool for Rails applications (Rails Html Sanitizer)
is related to the use of Rails in conjunction with Loofah. Exploitation of the vulnerability could allow an attacker,
acting remotely, to conduct cross-site scripting attacks.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | rubygem-rails-html-sanitizer | < 1.6.0-1 | UNKNOWN |