Rubyonrails Rails Html Sanitizers vulnerabilities
10 known vulnerabilities affecting rubyonrails/rails_html_sanitizers.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 4, LOW 5
Vulnerabilities
CVE-2024-53988 [LOW] CVSS 2.3 | CWE-79 | v1.6.0 | 2024-12-02
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 saniti
nvd
CVE-2024-53986 [LOW] CVSS 2.3 | CWE-79 | v1.6.0 | 2024-12-02
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 saniti
nvd
CVE-2024-53985 [LOW] CVSS 2.3 | CWE-79 | v1.6.0 | 2024-12-02
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacke
nvd
CVE-2024-53989 [LOW] CVSS 2.3 | CWE-79 | v1.6.0 | 2024-12-02
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 saniti
nvd
CVE-2024-53987 [LOW] CVSS 2.3 | CWE-79 | v1.6.0 | 2024-12-02
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 saniti
nvd
CVE-2022-23517 [HIGH] CVSS 7.5 | CWE-1333 | fixed in 1.4.4 | 2022-12-14
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. T
nvd
CVE-2022-23520 [MEDIUM] CVSS 6.1 | CWE-79 | fixed in 1.4.4 | 2022-12-14
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overrid
nvd
CVE-2022-23519 [MEDIUM] CVSS 6.1 | CWE-79 | fixed in 1.4.4 | 2022-12-14
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both
nvd
CVE-2022-23518 [MEDIUM] CVSS 6.1 | CWE-79 | ≥ 1.0.3, < 1.4.4 | 2022-12-14
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, = 2.1.0. This issue is patched in version 1.4.4.
nvd
CVE-2022-32209 [MEDIUM] CVSS 6.1 | CWE-79 | fixed in 1.4.3 | 2022-06-24
# Possible XSS Vulnerability in Rails::Html::Sanitizer
There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209.
Versions Affected: ALL
Not affected: NONE
Fixed Versions: v1.4.3
## Impact
A possible XSS vulnerability with certain configurations of Rail
nvd