CVE-2022-23519
Published: 2022-12-14
Priority: P4 | 24 | Medium 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.99% (58.1th percentile)
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
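The affected condition above is a conjunction: an unpatched gem version AND an overridden allow-list that pairs "style" with "math" or "svg". The following Ruby script, added here as an example and not part of the advisory or the rails-html-sanitizer project, audits such an override and derives the two workaround allow-lists the advisory names; the sample override and the `config.action_view.sanitized_allowed_tags` setting name it mentions are assumptions.

```ruby
# Added example (not from the advisory or the rails-html-sanitizer project):
# audits an overridden allow-list for the CVE-2022-23519 tag combination and
# derives the advisory's two workarounds.
require "set"

FIXED_VERSION = Gem::Version.new("1.4.4")

# The advisory's risky combinations: "style" together with "math" or "svg".
def risky_override?(allowed_tags)
  tags = allowed_tags.map(&:to_s).to_set
  tags.include?("style") && (tags.include?("math") || tags.include?("svg"))
end

# True only when an unpatched gem is combined with an override containing the
# risky pair; a stock allow-list (no override) is not affected on any version.
def vulnerable?(gem_version, allowed_tags)
  return false if allowed_tags.nil? # allow-list not overridden
  Gem::Version.new(gem_version) < FIXED_VERSION && risky_override?(allowed_tags)
end

# Safe allow-list per the advisory's workaround:
# :drop_style removes "style"; :drop_math_svg removes "math" and "svg".
def workaround(allowed_tags, strategy = :drop_style)
  drop = case strategy
         when :drop_style    then %w[style]
         when :drop_math_svg then %w[math svg]
         else raise ArgumentError, "unknown strategy #{strategy}"
         end
  allowed_tags.map(&:to_s) - drop
end

# Constructed sample override, as an app might set in config/application.rb
# via config.action_view.sanitized_allowed_tags (assumed setting name).
SAMPLE_OVERRIDE = %w[p a strong em svg style]

if __FILE__ == $0
  puts "1.4.3 + override vulnerable? #{vulnerable?('1.4.3', SAMPLE_OVERRIDE)}"
  puts "1.4.4 + override vulnerable? #{vulnerable?('1.4.4', SAMPLE_OVERRIDE)}"
  puts "workaround (drop style):    #{workaround(SAMPLE_OVERRIDE).inspect}"
  puts "workaround (drop math/svg): #{workaround(SAMPLE_OVERRIDE, :drop_math_svg).inspect}"
end
```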
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | ruby-rails-html-sanitizer | < ruby-rails-html-sanitizer 1.4.4-1 (bookworm) | ruby-rails-html-sanitizer 1.4.4-1 (bookworm) |
| rails | rails-html-sanitizer | < 1.4.4 | 1.4.4 |
| rails | rails-html-sanitizer | >= 0 < 1.4.4 | 1.4.4 |
| rubyonrails | rails_html_sanitizers | < 1.4.4 | 1.4.4 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| osv | 6.1 | MEDIUM | — |
| vendor_debian | 7.2 | HIGH | — |
| vendor_redhat | 7.2 | HIGH | — |
Red Hat (vendor_redhat · 2022-12-13 · CVSS 7.2 HIGH · CWE-79)
rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations
Debian (vendor_debian · 2022 · CVSS 7.2 HIGH)
CVE-2022-23519: ruby-rails-html-sanitizer
Scope: local
OSV (osv · 2022-12-14 · CVSS 6.1 MEDIUM)
CVE-2022-23519: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications
OSV (osv · 2022-12-13 · MEDIUM)
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
## Summary
There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
- Versions affected: ALL
- Not affected: NONE
- Fixed versions: 1.4.4
## Impact
A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways:
- allow both "math" and "style" elements,
- or allow both "svg" and "style" elements
Code is only impacted if allowed tags are being overridden. Applications may be doing this in four different ways:
1. using application configuration:
```ruby
# In config/application.rb
config.action_view.sanitize
```
GHSA (ghsa · 2022-12-13 · MEDIUM · CWE-79)
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
No detection rules found.
No public exploits indexed.
References:
- https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
- https://hackerone.com/reports/1656627
- https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html