CVE-2022-23518
Published 2022-12-14
CVE-2022-23518: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Priority: P4 · 25 · medium 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.87% (54.1th percentile)
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | ruby-rails-html-sanitizer | < ruby-rails-html-sanitizer 1.4.4-1 (bookworm) | ruby-rails-html-sanitizer 1.4.4-1 (bookworm) |
| loofah_project | loofah | >= 2.1.0 < 2.19.1 | 2.19.1 |
| rails | rails-html-sanitizer | — | — |
| rails | rails-html-sanitizer | >= 1.0.3 < 1.4.4 | 1.4.4 |
| rubyonrails | rails_html_sanitizers | >= 1.0.3 < 1.4.4 | 1.4.4 |
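The affected ranges above only bite when both gems are resolved to the listed versions at once, so a useful first check is to read the versions out of a project's Gemfile.lock. The following Ruby is an added example written for this page, not code from rails-html-sanitizer or Loofah; it assumes the standard Gemfile.lock `specs:` layout and uses a constructed sample lockfile.

```ruby
# Added example (not from the advisory or the gems): flag a Gemfile.lock whose
# resolved rails-html-sanitizer / loofah versions fall in the ranges in the
# "Affected" table above. Uses only the rubygems stdlib version classes.
require "rubygems"

# Affected ranges exactly as listed in the advisory's Affected table.
SANITIZER_AFFECTED = Gem::Requirement.new(">= 1.0.3", "< 1.4.4")
LOOFAH_AFFECTED    = Gem::Requirement.new(">= 2.1.0", "< 2.19.1")

# Parse every "specs:" section of a Gemfile.lock into {gem name => Gem::Version}.
# Top-level resolved gems are the 4-space-indented "name (x.y.z)" lines;
# 6-space lines are their dependencies and are ignored.
def lock_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /^\s*specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if in_specs && line =~ /^\S/ # new top-level section
    next unless in_specs
    if (m = line.match(/^ {4}([^\s(]+) \(([^)]+)\)\s*$/))
      versions[m[1]] = Gem::Version.new(m[2])
    end
  end
  versions
end

# :vulnerable  -> both gems resolved inside the affected ranges
# :sanitizer_outdated -> rails-html-sanitizer < 1.4.4 but Loofah outside its range
# :ok          -> either gem absent or outside the affected ranges
def cve_2022_23518_status(lock_text)
  v = lock_versions(lock_text)
  sanitizer = v["rails-html-sanitizer"]
  loofah    = v["loofah"]
  sanitizer_bad = sanitizer && SANITIZER_AFFECTED.satisfied_by?(sanitizer)
  loofah_bad    = loofah && LOOFAH_AFFECTED.satisfied_by?(loofah)
  return :vulnerable if sanitizer_bad && loofah_bad
  return :sanitizer_outdated if sanitizer_bad
  :ok
end

# Constructed sample lockfile (not from any real project) pinning an affected pair.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crass (1.0.6)
      loofah (2.19.0)
        crass (~> 1.0.2)
      rails-html-sanitizer (1.4.3)
        loofah (~> 2.3)

  PLATFORMS
    ruby
LOCK
```

Run `cve_2022_23518_status(File.read("Gemfile.lock"))` against a real lockfile; the `:sanitizer_outdated` result still calls for the 1.4.4 upgrade even though the XSS condition is not met.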
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 6.1 | MEDIUM | — |
| vendor_redhat | — | 6.1 | MEDIUM | — |
OSV
CVE-2022-23518: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications
osv·2022-12-14·CVSS 6.1
CVE-2022-23518 [MEDIUM] CVE-2022-23518: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
GHSA
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
ghsa·2022-12-13
CVE-2022-23518 [MEDIUM] CWE-79 Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
## Summary
rails-html-sanitizer `>= 1.0.3, < 1.4.4` is vulnerable to cross-site scripting via data URIs when used in combination with Loofah `>= 2.1.0`.
## Mitigation
Upgrade to rails-html-sanitizer `>= 1.4.4`.
## Severity
The maintainers have evaluated this as [Medium Severity 6.1](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
## References
- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)
- [SVG MIME Type (image/svg+xml) is misleading to developers · Issue #266 · w3c/svgwg](https://github.com/w3c/svgwg/issues/266)
- https://github.com/rails/rails-html-sanitizer/issues/135
- https://hackerone.com/reports/1694173
## Credit
This vulnerability was indepen
OSV
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
osv·2022-12-13
CVE-2022-23518 [MEDIUM] Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Red Hat
rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to Cross site scripting
vendor_redhat·2022-12-13·CVSS 6.1
CVE-2022-23518 [MEDIUM] CWE-79 rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to Cross site scripting
rubygem-rails-html-sanitizer: Improper neutralization of data URIs leading to Cross site scripting
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
A cross-site scripting vulnerability was found in rails-html-sanitizer. When it is used in combination with Loofah 2.1.0 or later, improper neutralization of data URIs may allow cross-site scripting.
Package: 3scale-amp-zync-container (Red Hat 3scale API Management Platform 2) - Will not fix
Package: satellite:el8/rubygem-rails-html-sanitizer (Red Hat Satellite 6) - Affected
Package: tfm-ror51-rubygem-rails-html-sanitizer (Red Hat Satellite 6) - Out of support scope
Package: tfm-ror52-rubygem-rails-html-sanitizer (Red Hat Satellite 6
Debian
CVE-2022-23518: ruby-rails-html-sanitizer - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails appli...
vendor_debian·2022·CVSS 6.1
CVE-2022-23518 [MEDIUM] CVE-2022-23518: ruby-rails-html-sanitizer - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails appli...
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Scope: local
bookworm: resolved (fixed in 1.4.4-1)
bullseye: resolved (fixed in 1.3.0-1+deb11u1)
forky: resolved (fixed in 1.4.4-1)
sid: resolved (fixed in 1.4.4-1)
trixie: resolved (fixed in 1.4.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/rails/rails-html-sanitizer/issues/135
- https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
- https://hackerone.com/reports/1694173
- https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html
Published: 2022-12-14