CVE-2023-36823

2023-07-0600:00:00

ubuntu.com

sanitize

html

css

cross-site scripting

cve-2023-36823

security vulnerability

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

30.8%

JSON

Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully
crafted input, an attacker may be able to sneak arbitrary HTML and CSS
through Sanitize starting with version 3.0.0 and prior to version 6.0.2
when Sanitize is configured to use the built-in “relaxed” config or when
using a custom config that allows style elements and one or more CSS
at-rules. This could result in cross-site scripting or other undesired
behavior when the malicious HTML and CSS are rendered in a browser.
Sanitize 6.0.2 performs additional escaping of CSS in style element
content, which fixes this issue. Users who are unable to upgrade can
prevent this issue by using a Sanitize config that doesn’t allow style
elements, using a Sanitize config that doesn’t allow CSS at-rules, or by
manually escaping the character sequence </ as <\/ in style element
content.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchruby-sanitize< 4.6.6-2.1~0.20.04.2UNKNOWN
ubuntu22.04noarchruby-sanitize< 6.0.0-1ubuntu0.1UNKNOWN
ubuntu23.10noarchruby-sanitize< 6.0.0-1.1ubuntu0.23.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	ruby-sanitize	< 4.6.6-2.1~0.20.04.2	UNKNOWN
ubuntu	22.04	noarch	ruby-sanitize	< 6.0.0-1ubuntu0.1	UNKNOWN
ubuntu	23.10	noarch	ruby-sanitize	< 6.0.0-1.1ubuntu0.23.10.1	UNKNOWN