Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-32209 (GCVE-0-2022-32209)
Vulnerability from cvelistv5 – Published: 2022-06-24 00:00 – Updated: 2025-11-03 21:46
VLAI
EPSS
Summary
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS) - Generic (CWE-79)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://hackerone.com/reports/1530898 | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | https://github.com/rails/rails-html-sanitizer |
Affected:
v1.4.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:46:21.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1530898"
},
{
"name": "FEDORA-2022-ce4719993c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"name": "FEDORA-2022-974fffb418",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
},
{
"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3227-1] ruby-rails-html-sanitizer security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/rails/rails-html-sanitizer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Generic (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-06T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1530898"
},
{
"name": "FEDORA-2022-ce4719993c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"name": "FEDORA-2022-974fffb418",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
},
{
"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3227-1] ruby-rails-html-sanitizer security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32209",
"datePublished": "2022-06-24T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:46:21.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-32209",
"date": "2026-05-27",
"epss": "0.05478",
"percentile": "0.90314"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*\", \"versionEndExcluding\": \"1.4.3\", \"matchCriteriaId\": \"2A94FBF3-C2F8-4479-88CA-864656B1E034\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\\\"select\\\", \\\"style\\\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\\\"select\\\", \\\"style\\\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\\\"select\\\", \\\"style\\\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\\\"select\\\", \\\"style\\\"])```All users overriding the allowed tags by any of the above mechanisms to include both \\\"select\\\" and \\\"style\\\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).\"}, {\"lang\": \"es\", \"value\": \"# Una Posible vulnerabilidad XSS en Rails::Html::Sanitizer Se presenta una posible vulnerabilidad XSS con determinadas configuraciones de Rails::Html::Sanitizer. Esta vulnerabilidad le ha sido asignada el identificador CVE CVE-2022-32209. Versiones afectadas: TODAS No se han visto afectadas: NONE Versiones Corregidas: v1.4.3## Impacto Una posible vulnerabilidad de tipo XSS con determinadas configuraciones de Rails::Html::Sanitizer puede permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\\u00f3n ha anulado las etiquetas permitidas del saneador para permitir tanto los elementos \\\"select\\\" como \\\"style\\\". El c\\u00f3digo s\\u00f3lo est\\u00e1 afectado si son anuladas las etiquetas permitidas. Esto puede hacerse por medio de la configuraci\\u00f3n de la aplicaci\\u00f3n: \\\"\\\"ruby# En config/application.rbconfig.action_view.sanitized_allowed_tags = [\\\"select\\\", \\\"style\\\"]\\\"\\\" vea https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr puede hacerse con una opci\\u00f3n \\\":tags\\\" al ayudante de la Visualizaci\\u00f3n de Acci\\u00f3n \\\"sanitize\\\":\\\"\\\"(%= sanitize @comment.body, tags: [\\\"select\\\", \\\"style\\\"] %)\\\"\\\" vea https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr puede hacerse con Rails::Html::SafeListSanitizer directamente:\\\" ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\\\"select\\\", \\\"style\\\"]\\\"\\\"\\\"o\\\"\\\"\\\"ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article. body, tags: [\\\"select\\\", \\\"style\\\"])\\\"\\\"\\\"Todos los usuarios que sobrescriban las etiquetas permitidas por cualquiera de los mecanismos anteriores para incluir tanto \\\"select\\\" como \\\"style\\\" deben actualizar o usar una de las mitigaciones inmediatamente. ## Versiones Las versiones CORREGIDAS est\\u00e1n disponibles en las ubicaciones habituales. ## Soluciones Eliminar \\\"select\\\" o \\\"style\\\" de las etiquetas permitidas sobre establecidas. ## Cr\\u00e9ditos Esta vulnerabilidad fue reportada responsablemente por [windshock](https://hackerone.com/windshock?type=user)\"}]",
"id": "CVE-2022-32209",
"lastModified": "2024-11-21T07:05:55.693",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2022-06-24T15:15:11.153",
"references": "[{\"url\": \"https://hackerone.com/reports/1530898\", \"source\": \"support@hackerone.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/1530898\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-32209\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2022-06-24T15:15:11.153\",\"lastModified\":\"2025-11-03T22:15:58.770\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\\\"select\\\", \\\"style\\\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\\\"select\\\", \\\"style\\\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\\\"select\\\", \\\"style\\\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\\\"select\\\", \\\"style\\\"])```All users overriding the allowed tags by any of the above mechanisms to include both \\\"select\\\" and \\\"style\\\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).\"},{\"lang\":\"es\",\"value\":\"# Una Posible vulnerabilidad XSS en Rails::Html::Sanitizer Se presenta una posible vulnerabilidad XSS con determinadas configuraciones de Rails::Html::Sanitizer. Esta vulnerabilidad le ha sido asignada el identificador CVE CVE-2022-32209. Versiones afectadas: TODAS No se han visto afectadas: NONE Versiones Corregidas: v1.4.3## Impacto Una posible vulnerabilidad de tipo XSS con determinadas configuraciones de Rails::Html::Sanitizer puede permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del saneador para permitir tanto los elementos \\\"select\\\" como \\\"style\\\". El c\u00f3digo s\u00f3lo est\u00e1 afectado si son anuladas las etiquetas permitidas. Esto puede hacerse por medio de la configuraci\u00f3n de la aplicaci\u00f3n: \\\"\\\"ruby# En config/application.rbconfig.action_view.sanitized_allowed_tags = [\\\"select\\\", \\\"style\\\"]\\\"\\\" vea https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr puede hacerse con una opci\u00f3n \\\":tags\\\" al ayudante de la Visualizaci\u00f3n de Acci\u00f3n \\\"sanitize\\\":\\\"\\\"(%= sanitize @comment.body, tags: [\\\"select\\\", \\\"style\\\"] %)\\\"\\\" vea https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr puede hacerse con Rails::Html::SafeListSanitizer directamente:\\\" ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\\\"select\\\", \\\"style\\\"]\\\"\\\"\\\"o\\\"\\\"\\\"ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article. body, tags: [\\\"select\\\", \\\"style\\\"])\\\"\\\"\\\"Todos los usuarios que sobrescriban las etiquetas permitidas por cualquiera de los mecanismos anteriores para incluir tanto \\\"select\\\" como \\\"style\\\" deben actualizar o usar una de las mitigaciones inmediatamente. ## Versiones Las versiones CORREGIDAS est\u00e1n disponibles en las ubicaciones habituales. ## Soluciones Eliminar \\\"select\\\" o \\\"style\\\" de las etiquetas permitidas sobre establecidas. ## Cr\u00e9ditos Esta vulnerabilidad fue reportada responsablemente por [windshock](https://hackerone.com/windshock?type=user)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*\",\"versionEndExcluding\":\"1.4.3\",\"matchCriteriaId\":\"2A94FBF3-C2F8-4479-88CA-864656B1E034\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://hackerone.com/reports/1530898\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1530898\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-540
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Ruby on Rails. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ruby on Rails | N/A | Rails::Html::Sanitizer versions antérieures à 1.4.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Rails::Html::Sanitizer versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32209"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-540",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby on Rails. Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails ce9PhUANQ6s du 10 juin 2022",
"url": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s"
}
]
}
CERTFR-2022-AVI-540
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Ruby on Rails. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ruby on Rails | N/A | Rails::Html::Sanitizer versions antérieures à 1.4.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Rails::Html::Sanitizer versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32209"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-540",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby on Rails. Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails ce9PhUANQ6s du 10 juin 2022",
"url": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s"
}
]
}
BDU:2022-06004
Vulnerability from fstec - Published: 05.04.2022
VLAI
Title
Уязвимость реализации конфигурации инструмента очистки HTML для приложений Rails Rails Html Sanitizer, позволяющая нарушителю проводить межсайтовые сценарные атаки
Description
Уязвимость реализации конфигурации инструмента очистки HTML для приложений Rails Rails Html Sanitizer связана с некорректным использованием элементов select и style при переопределении разрешенных тегов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить межсайтовые сценарные атаки
Severity
Vendor
Fedora Project, ООО «Ред Софт», Rails Core Team, АО "НППКТ"
Software Name
Fedora, РЕД ОС (запись в едином реестре российских программ №3751), Rails Html Sanitizer, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
35 (Fedora), 7.3 (РЕД ОС), 36 (Fedora), до 1.4.3 (Rails Html Sanitizer), 37 (Fedora), до 2.7 (ОСОН ОСнова Оnyx), до 2.9 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для Rails Html Sanitizer :
https://rubygems.org/gems/rails-html-sanitizer
https://github.com/advisories/GHSA-pg8v-g4xq-hww9
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/
https://koji.fedoraproject.org/koji/buildinfo?buildID=2042403
https://src.fedoraproject.org/rpms/rubygem-rails-html-sanitizer
Компенсирующие меры:
При невозможности обновления необходимо удалить элемент select или style из переопределенных разрешенных тегов.
Для ОСОН ОСнова Оnyx (версия 2.7):
Обновление программного обеспечения ruby-rails-html-sanitizer до версии 1.0.4-1+deb10u1
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения ruby-rails-html-sanitizer до версии 1.0.4-1+deb10u2
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://hackerone.com/reports/1530898
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/
https://nvd.nist.gov/vuln/detail/CVE-2022-32209
https://bugzilla.redhat.com/show_bug.cgi?id=2101882
https://src.fedoraproject.org/rpms/rubygem-rails-html-sanitizer
https://koji.fedoraproject.org/koji/buildinfo?buildID=2042403
https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-79
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Fedora Project, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Rails Core Team, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "35 (Fedora), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 36 (Fedora), \u0434\u043e 1.4.3 (Rails Html Sanitizer), 37 (Fedora), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Rails Html Sanitizer :\nhttps://rubygems.org/gems/rails-html-sanitizer\nhttps://github.com/advisories/GHSA-pg8v-g4xq-hww9\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/\nhttps://koji.fedoraproject.org/koji/buildinfo?buildID=2042403\nhttps://src.fedoraproject.org/rpms/rubygem-rails-html-sanitizer\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u041f\u0440\u0438 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u044d\u043b\u0435\u043c\u0435\u043d\u0442 select \u0438\u043b\u0438 style \u0438\u0437 \u043f\u0435\u0440\u0435\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0442\u0435\u0433\u043e\u0432.\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.7):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f ruby-rails-html-sanitizer \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.0.4-1+deb10u1\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f ruby-rails-html-sanitizer \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.0.4-1+deb10u2\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.04.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.10.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06004",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-32209",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Fedora, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Rails Html Sanitizer, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Fedora Project Fedora 35 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Fedora Project Fedora 36 , Fedora Project Fedora 37 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 HTML \u0434\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Rails Rails Html Sanitizer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 HTML \u0434\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Rails Rails Html Sanitizer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 select \u0438 style \u043f\u0440\u0438 \u043f\u0435\u0440\u0435\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0442\u0435\u0433\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://hackerone.com/reports/1530898 \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32209\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2101882\nhttps://src.fedoraproject.org/rpms/rubygem-rails-html-sanitizer\nhttps://koji.fedoraproject.org/koji/buildinfo?buildID=2042403\nhttps://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}
CNVD-2022-58235
Vulnerability from cnvd - Published: 2022-08-11
VLAI
Title
Rails跨站脚本漏洞(CNVD-2022-58235)
Description
Rails是Rails团队的一套基于Ruby语言的开源Web应用框架。
Rails存在跨站脚本漏洞,该漏洞源于程序缺少对用户提供的数据和输出的数据校验过滤。攻击者可利用该漏洞在客户端执行JavaScript代码。
Severity
中
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/rails/rails-html-sanitizer
Reference
https://hackerone.com/reports/1530898
Impacted products
| Name | Rails Rails <v1.4.3 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-32209",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-32209"
}
},
"description": "Rails\u662fRails\u56e2\u961f\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\u3002\n\nRails\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5ba2\u6237\u7aef\u6267\u884cJavaScript\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/rails/rails-html-sanitizer",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-58235",
"openTime": "2022-08-11",
"products": {
"product": "Rails Rails \u003cv1.4.3"
},
"referenceLink": "https://hackerone.com/reports/1530898",
"serverity": "\u4e2d",
"submitTime": "2022-06-28",
"title": "Rails\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-58235\uff09"
}
FKIE_CVE-2022-32209
Vulnerability from fkie_nvd - Published: 2022-06-24 15:15 - Updated: 2025-11-03 22:15
Severity
Summary
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rubyonrails | rails_html_sanitizers | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"matchCriteriaId": "2A94FBF3-C2F8-4479-88CA-864656B1E034",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user)."
},
{
"lang": "es",
"value": "# Una Posible vulnerabilidad XSS en Rails::Html::Sanitizer Se presenta una posible vulnerabilidad XSS con determinadas configuraciones de Rails::Html::Sanitizer. Esta vulnerabilidad le ha sido asignada el identificador CVE CVE-2022-32209. Versiones afectadas: TODAS No se han visto afectadas: NONE Versiones Corregidas: v1.4.3## Impacto Una posible vulnerabilidad de tipo XSS con determinadas configuraciones de Rails::Html::Sanitizer puede permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del saneador para permitir tanto los elementos \"select\" como \"style\". El c\u00f3digo s\u00f3lo est\u00e1 afectado si son anuladas las etiquetas permitidas. Esto puede hacerse por medio de la configuraci\u00f3n de la aplicaci\u00f3n: \"\"ruby# En config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]\"\" vea https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr puede hacerse con una opci\u00f3n \":tags\" al ayudante de la Visualizaci\u00f3n de Acci\u00f3n \"sanitize\":\"\"(%= sanitize @comment.body, tags: [\"select\", \"style\"] %)\"\" vea https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr puede hacerse con Rails::Html::SafeListSanitizer directamente:\" ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]\"\"\"o\"\"\"ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article. body, tags: [\"select\", \"style\"])\"\"\"Todos los usuarios que sobrescriban las etiquetas permitidas por cualquiera de los mecanismos anteriores para incluir tanto \"select\" como \"style\" deben actualizar o usar una de las mitigaciones inmediatamente. ## Versiones Las versiones CORREGIDAS est\u00e1n disponibles en las ubicaciones habituales. ## Soluciones Eliminar \"select\" o \"style\" de las etiquetas permitidas sobre establecidas. ## Cr\u00e9ditos Esta vulnerabilidad fue reportada responsablemente por [windshock](https://hackerone.com/windshock?type=user)"
}
],
"id": "CVE-2022-32209",
"lastModified": "2025-11-03T22:15:58.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:11.153",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1530898"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1530898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-PG8V-G4XQ-HWW9
Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2025-11-04 16:39
VLAI
Summary
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Details
Versions of Rails::Html::Sanitizer prior to version 1.4.3 are vulnerable to XSS with certain configurations of Rails::Html::Sanitizer which allows an attacker to inject content when the application developer has overridden the sanitizer's allowed tags to allow both select and style elements. Code is only impacted if allowed tags are being overridden.
This may be done via application configuration: ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]
see https://guides.rubyonrails.org/configuring.html#configuring-action-view
Or it may be done with a :tags option to the Action View helper sanitize: <%= sanitize @comment.body, tags: ["select", "style"] %>
see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize
It may also be done with Rails::Html::SafeListSanitizer directly:
ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"] or with
ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])
All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" are recommended to upgrade immediately. A workaround for this issue can be applied by removing either select or style from the overridden allowed tags.
Severity
6.1 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rails-html-sanitizer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-32209"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-05T18:10:35Z",
"nvd_published_at": "2022-06-24T15:15:00Z",
"severity": "MODERATE"
},
"details": "Versions of Rails::Html::Sanitizer prior to version 1.4.3 are vulnerable to XSS with certain configurations of Rails::Html::Sanitizer which allows an attacker to inject content when the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements. Code is only impacted if allowed tags are being overridden. \n\nThis may be done via application configuration: ```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```\n\nsee https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\nOr it may be done with a `:tags` option to the Action View helper `sanitize`: ```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e``` \n\nsee https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize \n\nIt may also be done with Rails::Html::SafeListSanitizer directly: \n```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]``` or with\n```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```\n\nAll users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" are recommended to upgrade immediately. A workaround for this issue can be applied by removing either `select` or `style` from the overridden allowed tags.",
"id": "GHSA-pg8v-g4xq-hww9",
"modified": "2025-11-04T16:39:03Z",
"published": "2022-06-25T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32209"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails-html-sanitizer/commit/45a5c10fed3d9aa141594c80afa06d748fa0967d"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1530898"
},
{
"type": "PACKAGE",
"url": "https://github.com/rails/rails-html-sanitizer"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-32209.yml"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Rails::Html::Sanitizer vulnerable to Cross-site Scripting"
}
GSD-2022-32209
Vulnerability from gsd - Updated: 2022-06-09 00:00Details
There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
This vulnerability has been assigned the CVE identifier CVE-2022-32209.
Versions Affected: ALL
Not affected: NONE
Fixed Versions: v1.4.3
## Impact
A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
may allow an attacker to inject content if the application developer has overridden
the sanitizer's allowed tags to allow both `select` and `style` elements.
Code is only impacted if allowed tags are being overridden. This may be done via
application configuration:
```ruby
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["select", "style"]
```
see https://guides.rubyonrails.org/configuring.html#configuring-action-view
Or it may be done with a `:tags` option to the Action View helper `sanitize`:
```
<%= sanitize @comment.body, tags: ["select", "style"] %>
```
see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize
Or it may be done with Rails::Html::SafeListSanitizer directly:
```ruby
# class-level option
Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]
```
or
```ruby
# instance-level option
Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])
```
All users overriding the allowed tags by any of the above mechanisms to include
both "select" and "style" should either upgrade or use one of the workarounds immediately.
## Workarounds
Remove either `select` or `style` from the overridden allowed tags.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-32209",
"description": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).",
"id": "GSD-2022-32209",
"references": [
"https://www.suse.com/security/cve/CVE-2022-32209.html",
"https://access.redhat.com/errata/RHSA-2022:8506"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rails-html-sanitizer",
"purl": "pkg:gem/rails-html-sanitizer"
}
}
],
"aliases": [
"CVE-2022-32209",
"GHSA-pg8v-g4xq-hww9"
],
"details": "There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.\nThis vulnerability has been assigned the CVE identifier CVE-2022-32209.\n\nVersions Affected: ALL\nNot affected: NONE\nFixed Versions: v1.4.3\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer\nmay allow an attacker to inject content if the application developer has overridden\nthe sanitizer\u0027s allowed tags to allow both `select` and `style` elements.\n\nCode is only impacted if allowed tags are being overridden. This may be done via\napplication configuration:\n\n```ruby\n# In config/application.rb\nconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]\n```\n\nsee https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\nOr it may be done with a `:tags` option to the Action View helper `sanitize`:\n\n```\n\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e\n```\n\nsee https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\nOr it may be done with Rails::Html::SafeListSanitizer directly:\n\n```ruby\n# class-level option\nRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]\n```\n\nor\n\n```ruby\n# instance-level option\nRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])\n```\n\nAll users overriding the allowed tags by any of the above mechanisms to include\nboth \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\n\nRemove either `select` or `style` from the overridden allowed tags.\n",
"id": "GSD-2022-32209",
"modified": "2022-06-09T00:00:00.000Z",
"published": "2022-06-09T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.1,
"type": "CVSS_V3"
}
],
"summary": "Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-32209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rails/rails-html-sanitizer",
"version": {
"version_data": [
{
"version_value": "v1.4.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1530898",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1530898"
},
{
"name": "FEDORA-2022-ce4719993c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"name": "FEDORA-2022-974fffb418",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
},
{
"name": "[debian-lts-announce] 20221206 [SECURITY] [DLA 3227-1] ruby-rails-html-sanitizer security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2022-32209",
"cvss_v3": 6.1,
"date": "2022-06-09",
"description": "There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.\nThis vulnerability has been assigned the CVE identifier CVE-2022-32209.\n\nVersions Affected: ALL\nNot affected: NONE\nFixed Versions: v1.4.3\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer\nmay allow an attacker to inject content if the application developer has overridden\nthe sanitizer\u0027s allowed tags to allow both `select` and `style` elements.\n\nCode is only impacted if allowed tags are being overridden. This may be done via\napplication configuration:\n\n```ruby\n# In config/application.rb\nconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]\n```\n\nsee https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\nOr it may be done with a `:tags` option to the Action View helper `sanitize`:\n\n```\n\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e\n```\n\nsee https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\nOr it may be done with Rails::Html::SafeListSanitizer directly:\n\n```ruby\n# class-level option\nRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]\n```\n\nor\n\n```ruby\n# instance-level option\nRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])\n```\n\nAll users overriding the allowed tags by any of the above mechanisms to include\nboth \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\n\nRemove either `select` or `style` from the overridden allowed tags.\n",
"gem": "rails-html-sanitizer",
"ghsa": "pg8v-g4xq-hww9",
"patched_versions": [
"\u003e= 1.4.3"
],
"title": "Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer",
"url": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.4.3",
"affected_versions": "All versions before 1.4.3",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2022-07-05",
"description": "There is a possible XSS vulnerability with certain configurations of `Rails::Html::Sanitizer`. `Rails::Html::Sanitizer` may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements. Code is only impacted if allowed tags are being overridden.",
"fixed_versions": [
"1.4.3"
],
"identifier": "CVE-2022-32209",
"identifiers": [
"GHSA-pg8v-g4xq-hww9",
"CVE-2022-32209"
],
"not_impacted": "All versions starting from 1.4.3",
"package_slug": "gem/rails-html-sanitizer",
"pubdate": "2022-06-25",
"solution": "Upgrade to version 1.4.3 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-32209",
"https://hackerone.com/reports/1530898",
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-32209.yml",
"https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s",
"https://github.com/advisories/GHSA-pg8v-g4xq-hww9"
],
"uuid": "76a61117-7f4a-4cf0-8092-dbf024394bfb"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
"matchCriteriaId": "2A94FBF3-C2F8-4479-88CA-864656B1E034",
"versionEndExcluding": "1.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user)."
},
{
"lang": "es",
"value": "# Una Posible vulnerabilidad XSS en Rails::Html::Sanitizer Se presenta una posible vulnerabilidad XSS con determinadas configuraciones de Rails::Html::Sanitizer. Esta vulnerabilidad le ha sido asignada el identificador CVE CVE-2022-32209. Versiones afectadas: TODAS No se han visto afectadas: NONE Versiones Corregidas: v1.4.3## Impacto Una posible vulnerabilidad de tipo XSS con determinadas configuraciones de Rails::Html::Sanitizer puede permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del saneador para permitir tanto los elementos \"select\" como \"style\". El c\u00f3digo s\u00f3lo est\u00e1 afectado si son anuladas las etiquetas permitidas. Esto puede hacerse por medio de la configuraci\u00f3n de la aplicaci\u00f3n: \"\"ruby# En config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]\"\" vea https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr puede hacerse con una opci\u00f3n \":tags\" al ayudante de la Visualizaci\u00f3n de Acci\u00f3n \"sanitize\":\"\"(%= sanitize @comment.body, tags: [\"select\", \"style\"] %)\"\" vea https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr puede hacerse con Rails::Html::SafeListSanitizer directamente:\" ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]\"\"\"o\"\"\"ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article. body, tags: [\"select\", \"style\"])\"\"\"Todos los usuarios que sobrescriban las etiquetas permitidas por cualquiera de los mecanismos anteriores para incluir tanto \"select\" como \"style\" deben actualizar o usar una de las mitigaciones inmediatamente. ## Versiones Las versiones CORREGIDAS est\u00e1n disponibles en las ubicaciones habituales. ## Soluciones Eliminar \"select\" o \"style\" de las etiquetas permitidas sobre establecidas. ## Cr\u00e9ditos Esta vulnerabilidad fue reportada responsablemente por [windshock](https://hackerone.com/windshock?type=user)"
}
],
"id": "CVE-2022-32209",
"lastModified": "2024-02-01T16:22:15.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-24T15:15:11.153",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1530898"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
}
]
}
}
}
}
OPENSUSE-SU-2024:12145-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1 on GA media
Description of the patch: These are all security issues fixed in the ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12145
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12145",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12145-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7579 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7580 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3741 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-32209 page",
"url": "https://www.suse.com/security/cve/CVE-2022-32209/"
}
],
"title": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12145-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"product": {
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"product_id": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"product": {
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"product_id": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"product": {
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"product_id": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64",
"product": {
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64",
"product_id": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64"
},
"product_reference": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le"
},
"product_reference": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x"
},
"product_reference": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
},
"product_reference": "ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7578"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7578",
"url": "https://www.suse.com/security/cve/CVE-2015-7578"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7578",
"url": "https://bugzilla.suse.com/963326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7578"
},
{
"cve": "CVE-2015-7579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7579"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7579",
"url": "https://www.suse.com/security/cve/CVE-2015-7579"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7579"
},
{
"cve": "CVE-2015-7580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7580"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7580",
"url": "https://www.suse.com/security/cve/CVE-2015-7580"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7580"
},
{
"cve": "CVE-2018-3741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3741"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3741",
"url": "https://www.suse.com/security/cve/CVE-2018-3741"
},
{
"category": "external",
"summary": "SUSE Bug 1085967 for CVE-2018-3741",
"url": "https://bugzilla.suse.com/1085967"
},
{
"category": "external",
"summary": "SUSE Bug 1086598 for CVE-2018-3741",
"url": "https://bugzilla.suse.com/1086598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-3741"
},
{
"cve": "CVE-2022-32209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-32209"
}
],
"notes": [
{
"category": "general",
"text": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-32209",
"url": "https://www.suse.com/security/cve/CVE-2022-32209"
},
{
"category": "external",
"summary": "SUSE Bug 1201183 for CVE-2022-32209",
"url": "https://bugzilla.suse.com/1201183"
},
{
"category": "external",
"summary": "SUSE Bug 1206436 for CVE-2022-32209",
"url": "https://bugzilla.suse.com/1206436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-32209"
}
]
}
OPENSUSE-SU-2024:13137-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1 on GA media
Description of the patch: These are all security issues fixed in the ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13137
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13137",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13137-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7579 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7580 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3741 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-32209 page",
"url": "https://www.suse.com/security/cve/CVE-2022-32209/"
}
],
"title": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13137-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"product": {
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"product_id": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"product": {
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"product_id": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"product": {
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"product_id": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64",
"product": {
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64",
"product_id": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64"
},
"product_reference": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le"
},
"product_reference": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x"
},
"product_reference": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
},
"product_reference": "ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7578"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7578",
"url": "https://www.suse.com/security/cve/CVE-2015-7578"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7578",
"url": "https://bugzilla.suse.com/963326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7578"
},
{
"cve": "CVE-2015-7579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7579"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7579",
"url": "https://www.suse.com/security/cve/CVE-2015-7579"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7579"
},
{
"cve": "CVE-2015-7580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7580"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7580",
"url": "https://www.suse.com/security/cve/CVE-2015-7580"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7580"
},
{
"cve": "CVE-2018-3741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3741"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3741",
"url": "https://www.suse.com/security/cve/CVE-2018-3741"
},
{
"category": "external",
"summary": "SUSE Bug 1085967 for CVE-2018-3741",
"url": "https://bugzilla.suse.com/1085967"
},
{
"category": "external",
"summary": "SUSE Bug 1086598 for CVE-2018-3741",
"url": "https://bugzilla.suse.com/1086598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-3741"
},
{
"cve": "CVE-2022-32209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-32209"
}
],
"notes": [
{
"category": "general",
"text": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-32209",
"url": "https://www.suse.com/security/cve/CVE-2022-32209"
},
{
"category": "external",
"summary": "SUSE Bug 1201183 for CVE-2022-32209",
"url": "https://bugzilla.suse.com/1201183"
},
{
"category": "external",
"summary": "SUSE Bug 1206436 for CVE-2022-32209",
"url": "https://bugzilla.suse.com/1206436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-rails-html-sanitizer-1.5.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-32209"
}
]
}
OPENSUSE-SU-2024:14175-1
Vulnerability from csaf_opensuse - Published: 2024-07-12 00:00 - Updated: 2024-07-12 00:00Summary
ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5 on GA media
Severity
Moderate
Notes
Title of the patch: ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5 on GA media
Description of the patch: These are all security issues fixed in the ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14175
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14175",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14175-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7578 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7579 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7580 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3741 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23517 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23518 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23519 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23519/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-23520 page",
"url": "https://www.suse.com/security/cve/CVE-2022-23520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-32209 page",
"url": "https://www.suse.com/security/cve/CVE-2022-32209/"
}
],
"title": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5 on GA media",
"tracking": {
"current_release_date": "2024-07-12T00:00:00Z",
"generator": {
"date": "2024-07-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14175-1",
"initial_release_date": "2024-07-12T00:00:00Z",
"revision_history": [
{
"date": "2024-07-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"product": {
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"product_id": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"product": {
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"product_id": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"product": {
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"product_id": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64",
"product": {
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64",
"product_id": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64"
},
"product_reference": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le"
},
"product_reference": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x"
},
"product_reference": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
},
"product_reference": "ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7578"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7578",
"url": "https://www.suse.com/security/cve/CVE-2015-7578"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7578",
"url": "https://bugzilla.suse.com/963326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7578"
},
{
"cve": "CVE-2015-7579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7579"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7579",
"url": "https://www.suse.com/security/cve/CVE-2015-7579"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7579",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7579"
},
{
"cve": "CVE-2015-7580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7580"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7580",
"url": "https://www.suse.com/security/cve/CVE-2015-7580"
},
{
"category": "external",
"summary": "SUSE Bug 963326 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963326"
},
{
"category": "external",
"summary": "SUSE Bug 963327 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963327"
},
{
"category": "external",
"summary": "SUSE Bug 963328 for CVE-2015-7580",
"url": "https://bugzilla.suse.com/963328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7580"
},
{
"cve": "CVE-2018-3741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3741"
}
],
"notes": [
{
"category": "general",
"text": "There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3741",
"url": "https://www.suse.com/security/cve/CVE-2018-3741"
},
{
"category": "external",
"summary": "SUSE Bug 1085967 for CVE-2018-3741",
"url": "https://bugzilla.suse.com/1085967"
},
{
"category": "external",
"summary": "SUSE Bug 1086598 for CVE-2018-3741",
"url": "https://bugzilla.suse.com/1086598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-3741"
},
{
"cve": "CVE-2022-23517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23517"
}
],
"notes": [
{
"category": "general",
"text": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer \u003c 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23517",
"url": "https://www.suse.com/security/cve/CVE-2022-23517"
},
{
"category": "external",
"summary": "SUSE Bug 1206433 for CVE-2022-23517",
"url": "https://bugzilla.suse.com/1206433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-23517"
},
{
"cve": "CVE-2022-23518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23518"
}
],
"notes": [
{
"category": "general",
"text": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions \u003e= 1.0.3, \u003c 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah \u003e= 2.1.0. This issue is patched in version 1.4.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23518",
"url": "https://www.suse.com/security/cve/CVE-2022-23518"
},
{
"category": "external",
"summary": "SUSE Bug 1206434 for CVE-2022-23518",
"url": "https://bugzilla.suse.com/1206434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23518"
},
{
"cve": "CVE-2022-23519",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23519"
}
],
"notes": [
{
"category": "general",
"text": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23519",
"url": "https://www.suse.com/security/cve/CVE-2022-23519"
},
{
"category": "external",
"summary": "SUSE Bug 1206435 for CVE-2022-23519",
"url": "https://bugzilla.suse.com/1206435"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-23519"
},
{
"cve": "CVE-2022-23520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-23520"
}
],
"notes": [
{
"category": "general",
"text": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-23520",
"url": "https://www.suse.com/security/cve/CVE-2022-23520"
},
{
"category": "external",
"summary": "SUSE Bug 1206436 for CVE-2022-23520",
"url": "https://bugzilla.suse.com/1206436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-23520"
},
{
"cve": "CVE-2022-32209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-32209"
}
],
"notes": [
{
"category": "general",
"text": "# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```\u003c%= sanitize @comment.body, tags: [\"select\", \"style\"] %\u003e```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-32209",
"url": "https://www.suse.com/security/cve/CVE-2022-32209"
},
{
"category": "external",
"summary": "SUSE Bug 1201183 for CVE-2022-32209",
"url": "https://bugzilla.suse.com/1201183"
},
{
"category": "external",
"summary": "SUSE Bug 1206436 for CVE-2022-32209",
"url": "https://bugzilla.suse.com/1206436"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-rails-html-sanitizer-1.6.0-1.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-32209"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…