CVE-2022-23517
Published 2022-12-14
Priority P337 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 1.45% (70.2th percentile)
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | ruby-rails-html-sanitizer | < ruby-rails-html-sanitizer 1.4.4-1 (bookworm) | ruby-rails-html-sanitizer 1.4.4-1 (bookworm) |
| rails | rails-html-sanitizer | < 1.4.4 | 1.4.4 |
| rails | rails-html-sanitizer | >= 0 < 1.4.4 | 1.4.4 |
| rubyonrails | rails_html_sanitizers | < 1.4.4 | 1.4.4 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | 7.5 | HIGH | — |
| vendor_debian | 7.5 | HIGH | — |
| vendor_redhat | 7.5 | HIGH | — |
OSV
CVE-2022-23517: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications
osv · 2022-12-14 · CVSS 7.5 · HIGH
OSV
Inefficient Regular Expression Complexity in rails-html-sanitizer
osv · 2022-12-13 · HIGH
## Summary
Certain configurations of rails-html-sanitizer `< 1.4.4` use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. Users are advised to upgrade to `>= 1.4.4`.
## Severity
The maintainers have evaluated this as [High Severity 7.5 (CVSS3.1)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
## References
- [CWE - CWE-1333: Inefficient Regular Expression Complexity (4.9)](https://cwe.mitre.org/data/definitions/1333.html)
- https://hackerone.com/reports/1684163
## Credit
This vulnerability was responsibly reported by @ooooooo-q (https://github.com/ooooooo-q).
GHSA
Inefficient Regular Expression Complexity in rails-html-sanitizer
ghsa · 2022-12-13 · HIGH · CWE-1333
## Summary
Certain configurations of rails-html-sanitizer `< 1.4.4` use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. Users are advised to upgrade to `>= 1.4.4`.
## Severity
The maintainers have evaluated this as [High Severity 7.5 (CVSS3.1)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
## References
- [CWE - CWE-1333: Inefficient Regular Expression Complexity (4.9)](https://cwe.mitre.org/data/definitions/1333.html)
- https://hackerone.com/reports/1684163
## Credit
This vulnerability was responsibly reported by @ooooooo-q (https://github.com/ooooooo-q).
Red Hat
rubygem-rails-html-sanitizer: Inefficient Regular Expression leading to denial of service
vendor_redhat · 2022-12-13 · CVSS 7.5 · HIGH · CWE-1333
An inefficient Regular Expression vulnerability was found in rubygem rails-html-sanitizer. Certain configurations are susceptible to excessive backtracking, leading to a denial of service through CPU resource consumption.
Package: 3scale-amp-zync-container (Red Hat 3scale API Management Platform 2) – Will not
Debian
CVE-2022-23517: ruby-rails-html-sanitizer - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails appli...
vendor_debian · 2022 · CVSS 7.5 · HIGH
Scope: local
- bookworm: resolved (fixed in 1.4.4-1)
- bullseye: resolved (fixed in 1.3.0-1+deb11u1)
- forky: resolved (fixed in 1.4.4-1)
- sid: resolved (fixed in 1.4.4-1)
- trixie: resolved (fixed in 1.4.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
- https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
- https://hackerone.com/reports/1684163
- https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html
Published: 2022-12-14