CVE-2015-7579
Published: 2016-02-16
Priority: P426 · Severity: medium · CVSS 3.0 base score: 6.1
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 2.59% (83.3rd percentile)
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-rails-html-sanitizer | < ruby-rails-html-sanitizer 1.0.3-1 (bookworm) | ruby-rails-html-sanitizer 1.0.3-1 (bookworm) |
| rails | rails-html-sanitizer | >= 0 < 1.0.3 | 1.0.3 |
| rubyonrails | html_sanitizer | <= 1.0.2 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 6.1 | MEDIUM | — |
Debian
vendor_debian · 2015 · CVSS 6.1
CVE-2015-7579 [MEDIUM] CVE-2015-7579: ruby-rails-html-sanitizer - Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 f...
Scope: local
bookworm: resolved (fixed in 1.0.3-1)
bullseye: resolved (fixed in 1.0.3-1)
forky: resolved (fixed in 1.0.3-1)
sid: resolved (fixed in 1.0.3-1)
trixie: resolved (fixed in 1.0.3-1)
GHSA
ghsa · 2017-10-24
CVE-2015-7579 [MEDIUM] CWE-79 rails-html-sanitizer Cross-site Scripting vulnerability
OSV
osv · 2017-10-24
CVE-2015-7579 [MEDIUM] rails-html-sanitizer Cross-site Scripting vulnerability
OSV
osv · 2016-02-16 · CVSS 6.1
CVE-2015-7579 [MEDIUM] CVE-2015-7579: Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1
No detection rules found.
No public exploits indexed.
HackerOne
hackerone · 2016-03-13 · CVSS 6.1
CVE-2015-7579 [MEDIUM] [Rails42] We can inject HTML tags when server is using strip_tags method
XSS vulnerability in rails-html-sanitizer
There is an XSS vulnerability in `Rails::Html::FullSanitizer` used by Action View's `strip_tags`.
This vulnerability has been assigned the CVE identifier CVE-2015-7579.
Versions Affected: 1.0.2
Not affected: 1.0.0, 1.0.1
Fixed Versions: 1.0.3
Impact
Due to the way that `Rails::Html::FullSanitizer` is implemented, if an attacker passes an already escaped HTML entity to the input of Action View's `strip_tags`, these entities will be unescaped, which may cause an XSS attack if used in combination with `raw` or `html_safe`.
For example:
```ruby
strip_tags("&lt;script&gt;alert('XSS')&lt;/script&gt;")
```
Would generate:
```html
<script>alert('XSS')</script>
```
After the fix it will generate:
```html
&lt;script&gt;alert('XSS')&lt;/script&gt;
```
All users running an affected release
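The advisory above describes the behaviour only in words. The following is an added example, not code from the advisory or from the rails-html-sanitizer gem: it models the difference between 1.0.2 and 1.0.3 in plain Ruby (a regex tag stripper plus `CGI.unescapeHTML`, standing in for Loofah's parser, which it does not reproduce), gives a small check a test suite can run over sanitizer output before anything is marked `html_safe`, and shows the mitigation that holds on either version: treat `strip_tags` output as text and escape it before it reaches `raw`. The function names `strip_tags_1_0_2`, `strip_tags_1_0_3`, `contains_live_markup?` and `text_for_raw_output` are assumptions chosen for this example; the input string is the one from the advisory.

```ruby
require "cgi"

# Constructed input taken from the advisory: a <script> element that has
# ALREADY been escaped once, so a correct sanitizer should leave it inert.
ESCAPED_SCRIPT = "&lt;script&gt;alert('XSS')&lt;/script&gt;"

# Encode only the characters that can start markup. Nokogiri serialises
# text nodes the same way; this helper stands in for that step here.
def encode_special_chars(text)
  text.gsub("&", "&amp;").gsub("<", "&lt;").gsub(">", "&gt;")
end

# Simplified model (hypothetical, not the gem's code) of 1.0.2 behaviour:
# element tags are dropped and the remaining text is returned with its
# entities decoded, so a caller-supplied "&lt;" comes back out as "<".
def strip_tags_1_0_2(html)
  CGI.unescapeHTML(html.gsub(/<[^>]*>/, ""))
end

# Simplified model of the 1.0.3 behaviour: same stripping, but the text is
# re-encoded before it is returned, so entities never become live markup.
def strip_tags_1_0_3(html)
  encode_special_chars(strip_tags_1_0_2(html))
end

# Check for a review or a test suite: would this string introduce a tag
# if it were marked html_safe or passed through raw?
def contains_live_markup?(text)
  text.match?(%r{<[A-Za-z/!]})
end

# Mitigation that works on either gem version: treat strip_tags output as
# plain text and escape it before it is ever marked html_safe. Rails' ERB
# escapes automatically; the bug only bites when raw/html_safe bypass that.
def text_for_raw_output(untrusted_html)
  encode_special_chars(strip_tags_1_0_2(untrusted_html))
end

if __FILE__ == $PROGRAM_NAME
  puts "1.0.2 model -> #{strip_tags_1_0_2(ESCAPED_SCRIPT)}"
  puts "1.0.3 model -> #{strip_tags_1_0_3(ESCAPED_SCRIPT)}"
  puts "live markup in 1.0.2 output? #{contains_live_markup?(strip_tags_1_0_2(ESCAPED_SCRIPT))}"
  puts "escaped for raw -> #{text_for_raw_output(ESCAPED_SCRIPT)}"
end
```

Running it prints the unescaped `<script>` element for the 1.0.2 model and the still-escaped form for the 1.0.3 model, matching the advisory's two outputs. `contains_live_markup?` is the kind of assertion worth keeping in a view-helper test so that a future sanitizer regression, or a stray `raw(strip_tags(...))`, fails a test rather than reaching a browser.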
Bugzilla
bugzilla · 2016-01-26 · CVSS 6.1
CVE-2015-7579 [MEDIUM] CVE-2015-7579 rubygem-rails-html-sanitizer: XSS vulnerability in Action View's strip_tags function
XSS vulnerability in `Rails::Html::FullSanitizer` used by Action View's `strip_tags` was reported. Due to the way that `Rails::Html::FullSanitizer` is implemented, if an attacker passes an already escaped HTML entity to the input of Action View's `strip_tags`, these entities will be unescaped, which may cause an XSS attack if used in combination with `raw` or `html_safe`.
External References:
https://groups.google.com/forum/#!msg/rubyonrails-security/OU9ugTZcbjc/PjEP46pbFQAJ
http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/
Discussion:
Created rubygem-rails-html-sanitizer tracking bugs for this issue:
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178046.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178064.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/01/25/12
- http://www.securitytracker.com/id/1034816
- https://github.com/rails/rails-html-sanitizer/commit/49dfc1584c5b8e35a4ffabf8356ba3df025e8d3f
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/OU9ugTZcbjc/uksRkSxZEgAJ
Published: 2016-02-16