CVE-2024-53988
published 2024-12-02CVE-2024-53988: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of…
PriorityP425medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.43%
34.8th percentile
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-rails-html-sanitizer | — | — |
| rails | rails-html-sanitizer | — | — |
| rails | rails-html-sanitizer | >= 1.6.0 < 1.6.1 | 1.6.1 |
| rubyonrails | rails_html_sanitizers | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv4.02.3LOWCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv2.3LOW
vendor_debian2.3LOW
vendor_redhat2.3LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2024-53988: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications
osv·2024-12-02·CVSS 2.3
CVE-2024-53988 [LOW] CVE-2024-53988: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.
GHSA
rails-html-sanitizer has XSS vulnerability with certain configurations
ghsa·2024-12-02
CVE-2024-53988 [LOW] CWE-79 rails-html-sanitizer has XSS vulnerability with certain configurations
rails-html-sanitizer has XSS vulnerability with certain configurations
## Summary
There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.
* Versions affected: 1.6.0
* Not affected:
```
see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize
3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:
```ruby
# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "mtext", "table", "style", "mglyph"]
# or
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "mtext", "table", "style", "malignmark"]
```
(note that this class may also be referenced as `Rails::Html::SafeListSanitizer`)
4. using a `:tags` options to the Rails::HTML5::Sa
OSV
rails-html-sanitizer has XSS vulnerability with certain configurations
osv·2024-12-02
CVE-2024-53988 [LOW] rails-html-sanitizer has XSS vulnerability with certain configurations
rails-html-sanitizer has XSS vulnerability with certain configurations
## Summary
There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.
* Versions affected: 1.6.0
* Not affected:
```
see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize
3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:
```ruby
# class-level option
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "mtext", "table", "style", "mglyph"]
# or
Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "mtext", "table", "style", "malignmark"]
```
(note that this class may also be referenced as `Rails::Html::SafeListSanitizer`)
4. using a `:tags` options to the Rails::HTML5::Sa
Red Hat
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
vendor_redhat·2024-12-02·CVSS 2.3
CVE-2024-53988 [LOW] CWE-79 rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.
A cross-site scripting (XSS) vulnerability was found in Rails::HTML::Sanitizer.
Debian
CVE-2024-53988: ruby-rails-html-sanitizer - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails appli...
vendor_debian·2024·CVSS 2.3
CVE-2024-53988 [LOW] CVE-2024-53988: ruby-rails-html-sanitizer - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails appli...
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-12-02
Published