cvelistv5 - cve-2024-53985

CVE-2024-53985 (GCVE-0-2024-53985)

Vulnerability from cvelistv5 – Published: 2024-12-02 21:15 – Updated: 2024-12-11 16:47

Summary

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both both "svg" and "style" elements. This vulnerability is fixed in 1.6.1.

Severity ?

2.3 (Low)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/rails/rails-html-sanitizer/sec…	x_refsource_CONFIRM
	https://github.com/rails/rails-html-sanitizer/com…	x_refsource_MISC
	https://github.com/rails/rails-html-sanitizer/com…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	rails	rails-html-sanitizer	Affected: >= 1.6.0, < 1.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-53985",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-11T16:47:47.095368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-11T16:47:59.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rails-html-sanitizer",
          "vendor": "rails",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.6.0, \u003c 1.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0 and Nokogiri \u003c 1.15.7, or 1.16.x \u003c 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags with both \"math\" and \"style\" elements or both both \"svg\" and \"style\" elements. This vulnerability is fixed in 1.6.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-02T21:50:15.526Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x"
        },
        {
          "name": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1"
        },
        {
          "name": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505"
        }
      ],
      "source": {
        "advisory": "GHSA-w8gc-x259-rc7x",
        "discovery": "UNKNOWN"
      },
      "title": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-53985",
    "datePublished": "2024-12-02T21:15:57.620Z",
    "dateReserved": "2024-11-25T23:14:36.380Z",
    "dateUpdated": "2024-12-11T16:47:59.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0 and Nokogiri \u003c 1.15.7, or 1.16.x \u003c 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags with both \\\"math\\\" and \\\"style\\\" elements or both both \\\"svg\\\" and \\\"style\\\" elements. This vulnerability is fixed in 1.6.1.\"}, {\"lang\": \"es\", \"value\": \"rails-html-sanitizer es responsable de desinfectar fragmentos HTML en aplicaciones Rails. Existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer 1.6.0 cuando se utiliza con Rails \u0026gt;= 7.1.0 y Nokogiri \u0026lt; 1.15.7, o 1.16.x \u0026lt; 1.16.8. La vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer puede permitir que un atacante inyecte contenido si la sanitizaci\\u00f3n HTML5 est\\u00e1 habilitada y el desarrollador de la aplicaci\\u00f3n ha anulado las etiquetas permitidas del desinfectante con elementos \\\"math\\\" y \\\"style\\\" o ambos elementos \\\"svg\\\" y \\\"style\\\". Esta vulnerabilidad se corrigi\\u00f3 en 1.6.1.\"}]",
      "id": "CVE-2024-53985",
      "lastModified": "2024-12-02T22:15:11.197",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 2.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"PASSIVE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"LOW\", \"subsequentSystemIntegrity\": \"LOW\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}]}",
      "published": "2024-12-02T22:15:11.197",
      "references": "[{\"url\": \"https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x\", \"source\": \"security-advisories@github.com\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-53985\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-12-02T22:15:11.197\",\"lastModified\":\"2025-08-15T19:41:49.843\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0 and Nokogiri \u003c 1.15.7, or 1.16.x \u003c 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags with both \\\"math\\\" and \\\"style\\\" elements or both both \\\"svg\\\" and \\\"style\\\" elements. This vulnerability is fixed in 1.6.1.\"},{\"lang\":\"es\",\"value\":\"rails-html-sanitizer es responsable de desinfectar fragmentos HTML en aplicaciones Rails. Existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer 1.6.0 cuando se utiliza con Rails \u0026gt;= 7.1.0 y Nokogiri \u0026lt; 1.15.7, o 1.16.x \u0026lt; 1.16.8. La vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer puede permitir que un atacante inyecte contenido si la sanitizaci\u00f3n HTML5 est\u00e1 habilitada y el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del desinfectante con elementos \\\"math\\\" y \\\"style\\\" o ambos elementos \\\"svg\\\" y \\\"style\\\". Esta vulnerabilidad se corrigi\u00f3 en 1.6.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails_html_sanitizers:1.6.0:*:*:*:*:rails:*:*\",\"matchCriteriaId\":\"546282EA-EF7B-445D-9A46-8DBCC1B5C554\"}]}]}],\"references\":[{\"url\":\"https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-53985\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-11T16:47:47.095368Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-11T16:47:54.294Z\"}}], \"cna\": {\"title\": \"Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0\", \"source\": {\"advisory\": \"GHSA-w8gc-x259-rc7x\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 2.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"rails\", \"product\": \"rails-html-sanitizer\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.6.0, \u003c 1.6.1\"}]}], \"references\": [{\"url\": \"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x\", \"name\": \"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1\", \"name\": \"https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505\", \"name\": \"https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0 and Nokogiri \u003c 1.15.7, or 1.16.x \u003c 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags with both \\\"math\\\" and \\\"style\\\" elements or both both \\\"svg\\\" and \\\"style\\\" elements. This vulnerability is fixed in 1.6.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-12-02T21:50:15.526Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-53985\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-11T16:47:59.133Z\", \"dateReserved\": \"2024-11-25T23:14:36.380Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-12-02T21:15:57.620Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-W8GC-X259-RC7X

Vulnerability from github – Published: 2024-12-02 21:48 – Updated: 2024-12-03 18:50

Summary

rails-html-sanitize has XSS vulnerability with certain configurations

Details

Summary

There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8.

Versions affected: 1.6.0
Not affected: < 1.6.0
Fixed versions: 1.6.1

Please note that the fix in v1.6.1 is to update the dependency on Nokogiri to 1.15.7 or >= 1.16.8.

Impact

A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags in either of the following ways:

allow both "math" and "style" elements
or allow both "svg" and "style" elements

Code is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information on these configuration options.

Code is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:

using application configuration to configure Action View sanitizers' allowed tags:

ruby # In config/application.rb config.action_view.sanitized_allowed_tags = ["math", "style"] # or config.action_view.sanitized_allowed_tags = ["svg", "style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

using a :tags option to the Action View helper sanitize:

<%= sanitize @comment.body, tags: ["math", "style"] %> <%# or %> <%= sanitize @comment.body, tags: ["svg", "style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

setting Rails::HTML5::SafeListSanitizer class attribute allowed_tags:

ruby # class-level option Rails::HTML5::SafeListSanitizer.allowed_tags = ["math", "style"] # or Rails::HTML5::SafeListSanitizer.allowed_tags = ["svg", "style"]

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

using a :tags options to the Rails::HTML5::SafeListSanitizer instance method sanitize:

ruby # instance-level option Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "style"]) # or Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: ["svg", "style"])

(note that this class may also be referenced as Rails::Html::SafeListSanitizer)

setting ActionText::ContentHelper module attribute allowed_tags:

ruby ActionText::ContentHelper.allowed_tags = ["math", "style"] # or ActionText::ContentHelper.allowed_tags = ["svg", "style"]

All users overriding the allowed tags by any of the above mechanisms to include (("math" or "svg") and "style") should either upgrade or use one of the workarounds.

Workarounds

Any one of the following actions will work around this issue:

Remove "style" from the overridden allowed tags,
Or, remove "math" and "svg" from the overridden allowed tags,
Or, downgrade sanitization to HTML4 (see documentation for config.action_view.sanitizer_vendor and config.action_text.sanitizer_vendor for more information)
Or, independently upgrade Nokogiri to v1.15.7 or >= 1.16.8.

References

CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)
Original report: https://hackerone.com/reports/2503220

Credit

This vulnerability was responsibly reported by So Sakaguchi (mokusou) and taise.

Severity ?

2.3 (Low)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rails-html-sanitizer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.0"
            },
            {
              "fixed": "1.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.6.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-53985"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-02T21:48:14Z",
    "nvd_published_at": "2024-12-02T22:15:11Z",
    "severity": "LOW"
  },
  "details": "## Summary\n\nThere is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0 and Nokogiri \u003c 1.15.7, or 1.16.x \u003c 1.16.8.\n\n* Versions affected: 1.6.0\n* Not affected: \u003c 1.6.0\n* Fixed versions: 1.6.1\n\nPlease note that the fix in v1.6.1 is to update the dependency on Nokogiri to 1.15.7 or \u003e= 1.16.8.\n\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways:\n\n* allow both \"math\" and \"style\" elements\n* or allow both \"svg\" and \"style\" elements\n\nCode is only impacted if Rails is configured to use HTML5 sanitization, please see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor) and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor) for more information on these configuration options.\n\nCode is only impacted if allowed tags are being overridden. Applications may be doing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers\u0027 allowed tags:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n  # or\n  config.action_view.sanitized_allowed_tags = [\"svg\", \"style\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  \u003c%= sanitize @comment.body, tags: [\"math\", \"style\"] %\u003e\n  \u003c%# or %\u003e\n  \u003c%= sanitize @comment.body, tags: [\"svg\", \"style\"] %\u003e\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n  ```ruby\n  # class-level option\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n  # or\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"svg\", \"style\"]\n  ```\n\n  (note that this class may also be referenced as `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n  # or\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"svg\", \"style\"])\n  ```\n\n  (note that this class may also be referenced as `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n  ```ruby\n  ActionText::ContentHelper.allowed_tags = [\"math\", \"style\"]\n  # or\n  ActionText::ContentHelper.allowed_tags = [\"svg\", \"style\"]\n  ```\n\nAll users overriding the allowed tags by any of the above mechanisms to include ((\"math\" or \"svg\") and \"style\") should either upgrade or use one of the workarounds.\n\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"style\" from the overridden allowed tags,\n- Or, remove \"math\" and \"svg\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor) and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor) for more information)\n- Or, independently upgrade Nokogiri to v1.15.7 or \u003e= 1.16.8.\n\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2503220\n\n\n## Credit\n\nThis vulnerability was responsibly reported by So Sakaguchi ([mokusou](https://hackerone.com/mokusou)) and [taise](https://hackerone.com/taise).\n",
  "id": "GHSA-w8gc-x259-rc7x",
  "modified": "2024-12-03T18:50:29Z",
  "published": "2024-12-02T21:48:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53985"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rails/rails-html-sanitizer"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53985.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "rails-html-sanitize has XSS vulnerability with certain configurations"
}

CERTFR-2024-AVI-1034

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Ruby on Rails. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Ruby on Rails	rails-html-sanitizer	rails-html-sanitizer versions v1.6.x antérieures à v1.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Ruby on Rails 88092

2024-12-02

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "rails-html-sanitizer versions v1.6.x ant\u00e9rieures \u00e0 v1.6.1",
      "product": {
        "name": "rails-html-sanitizer",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-53989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53989"
    },
    {
      "name": "CVE-2024-53988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53988"
    },
    {
      "name": "CVE-2024-53985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53985"
    },
    {
      "name": "CVE-2024-53987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53987"
    },
    {
      "name": "CVE-2024-53986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53986"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1034",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": "2024-12-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 88092",
      "url": "https://discuss.rubyonrails.org/t/rails-html-sanitizer-v1-6-1-addresses-multiple-cves/88092"
    }
  ]
}

CERTFR-2024-AVI-1034

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Ruby on Rails. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Ruby on Rails	rails-html-sanitizer	rails-html-sanitizer versions v1.6.x antérieures à v1.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Ruby on Rails 88092

2024-12-02

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "rails-html-sanitizer versions v1.6.x ant\u00e9rieures \u00e0 v1.6.1",
      "product": {
        "name": "rails-html-sanitizer",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-53989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53989"
    },
    {
      "name": "CVE-2024-53988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53988"
    },
    {
      "name": "CVE-2024-53985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53985"
    },
    {
      "name": "CVE-2024-53987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53987"
    },
    {
      "name": "CVE-2024-53986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53986"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1034",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": "2024-12-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 88092",
      "url": "https://discuss.rubyonrails.org/t/rails-html-sanitizer-v1-6-1-addresses-multiple-cves/88092"
    }
  ]
}

FKIE_CVE-2024-53985

Vulnerability from fkie_nvd - Published: 2024-12-02 22:15 - Updated: 2025-08-15 19:41

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1	Patch
security-advisories@github.com	https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505	Patch
security-advisories@github.com	https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x	Vendor Advisory

Impacted products

	Vendor	Product	Version
	rubyonrails	rails_html_sanitizers	1.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:1.6.0:*:*:*:*:rails:*:*",
              "matchCriteriaId": "546282EA-EF7B-445D-9A46-8DBCC1B5C554",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails \u003e= 7.1.0 and Nokogiri \u003c 1.15.7, or 1.16.x \u003c 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer\u0027s allowed tags with both \"math\" and \"style\" elements or both both \"svg\" and \"style\" elements. This vulnerability is fixed in 1.6.1."
    },
    {
      "lang": "es",
      "value": "rails-html-sanitizer es responsable de desinfectar fragmentos HTML en aplicaciones Rails. Existe una posible vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer 1.6.0 cuando se utiliza con Rails \u0026gt;= 7.1.0 y Nokogiri \u0026lt; 1.15.7, o 1.16.x \u0026lt; 1.16.8. La vulnerabilidad XSS con ciertas configuraciones de Rails::HTML::Sanitizer puede permitir que un atacante inyecte contenido si la sanitizaci\u00f3n HTML5 est\u00e1 habilitada y el desarrollador de la aplicaci\u00f3n ha anulado las etiquetas permitidas del desinfectante con elementos \"math\" y \"style\" o ambos elementos \"svg\" y \"style\". Esta vulnerabilidad se corrigi\u00f3 en 1.6.1."
    }
  ],
  "id": "CVE-2024-53985",
  "lastModified": "2025-08-15T19:41:49.843",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 2.3,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-02T22:15:11.197",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2024-3581

Vulnerability from csaf_certbund - Published: 2024-12-02 23:00 - Updated: 2024-12-02 23:00

Summary

Ruby on Rails: Mehrere Schwachstellen ermöglichen Cross-Site Scripting

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im Ruby on Rails html-sanitizer ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Ruby on Rails ist ein in der Programmiersprache Ruby geschriebenes und quelloffenes Web Application Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen im Ruby on Rails html-sanitizer ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3581 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3581.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3581 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3581"
      },
      {
        "category": "external",
        "summary": "Ruby on Rails Security Announcements vom 2024-12-02",
        "url": "https://discuss.rubyonrails.org/t/rails-html-sanitizer-v1-6-1-addresses-multiple-cves/88092"
      }
    ],
    "source_lang": "en-US",
    "title": "Ruby on Rails: Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
    "tracking": {
      "current_release_date": "2024-12-02T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-03T10:41:07.747+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3581",
      "initial_release_date": "2024-12-02T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-12-02T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "rails-html-sanitizer \u003c1.6.1",
                "product": {
                  "name": "Open Source Ruby on Rails rails-html-sanitizer \u003c1.6.1",
                  "product_id": "T039538"
                }
              },
              {
                "category": "product_version",
                "name": "rails-html-sanitizer 1.6.1",
                "product": {
                  "name": "Open Source Ruby on Rails rails-html-sanitizer 1.6.1",
                  "product_id": "T039538-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rubyonrails:ruby_on_rails:rails-html-sanitizer__1.6.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ruby on Rails"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-53985",
      "notes": [
        {
          "category": "description",
          "text": "In Ruby on Rails existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der HTML sanitizer nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039538"
        ]
      },
      "release_date": "2024-12-02T23:00:00.000+00:00",
      "title": "CVE-2024-53985"
    },
    {
      "cve": "CVE-2024-53986",
      "notes": [
        {
          "category": "description",
          "text": "In Ruby on Rails existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der HTML sanitizer nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039538"
        ]
      },
      "release_date": "2024-12-02T23:00:00.000+00:00",
      "title": "CVE-2024-53986"
    },
    {
      "cve": "CVE-2024-53987",
      "notes": [
        {
          "category": "description",
          "text": "In Ruby on Rails existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der HTML sanitizer nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039538"
        ]
      },
      "release_date": "2024-12-02T23:00:00.000+00:00",
      "title": "CVE-2024-53987"
    },
    {
      "cve": "CVE-2024-53988",
      "notes": [
        {
          "category": "description",
          "text": "In Ruby on Rails existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der HTML sanitizer nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039538"
        ]
      },
      "release_date": "2024-12-02T23:00:00.000+00:00",
      "title": "CVE-2024-53988"
    },
    {
      "cve": "CVE-2024-53989",
      "notes": [
        {
          "category": "description",
          "text": "In Ruby on Rails existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden in der HTML sanitizer nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T039538"
        ]
      },
      "release_date": "2024-12-02T23:00:00.000+00:00",
      "title": "CVE-2024-53989"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-53985 (GCVE-0-2024-53985)

GHSA-W8GC-X259-RC7X

Summary

Impact

Workarounds

References

Credit

CERTFR-2024-AVI-1034

Solutions

CERTFR-2024-AVI-1034

Solutions

FKIE_CVE-2024-53985

WID-SEC-W-2024-3581

Tags

Sightings

Nomenclature