GSD-2022-27777
Vulnerability from gsd - Updated: 2022-04-26 00:00Details
There is a possible XSS vulnerability in Action View tag helpers. Passing
untrusted input as hash keys can lead to a possible XSS vulnerability. This
vulnerability has been assigned the CVE identifier CVE-2022-27777.
Versions Affected: ALL
Not affected: NONE
Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1
## Impact
If untrusted data is passed as the hash key for tag attributes, there is a
possibility that the untrusted data may not be properly escaped which can
lead to an XSS vulnerability.
Impacted code will look something like this:
```
check_box_tag('thename', 'thevalue', false, aria: { malicious_input => 'thevalueofaria' })
```
Where the "malicious_input" variable contains untrusted data.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
## Releases
The FIXED releases are available at the normal locations.
## Workarounds
Escape the untrusted data before using it as a key for tag helper methods.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-27777",
"description": "A XSS Vulnerability in Action View tag helpers \u003e= 5.2.0 and \u003c 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.",
"id": "GSD-2022-27777",
"references": [
"https://www.suse.com/security/cve/CVE-2022-27777.html",
"https://www.debian.org/security/2023/dsa-5372"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "actionview",
"purl": "pkg:gem/actionview"
}
}
],
"aliases": [
"CVE-2022-27777",
"GHSA-ch3h-j2vf-95pv"
],
"details": "There is a possible XSS vulnerability in Action View tag helpers. Passing\nuntrusted input as hash keys can lead to a possible XSS vulnerability. This\nvulnerability has been assigned the CVE identifier CVE-2022-27777.\n\nVersions Affected: ALL\nNot affected: NONE\nFixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1\n\n## Impact\n\nIf untrusted data is passed as the hash key for tag attributes, there is a\npossibility that the untrusted data may not be properly escaped which can\nlead to an XSS vulnerability.\n\nImpacted code will look something like this:\n\n```\ncheck_box_tag(\u0027thename\u0027, \u0027thevalue\u0027, false, aria: { malicious_input =\u003e \u0027thevalueofaria\u0027 })\n```\n\nWhere the \"malicious_input\" variable contains untrusted data.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Releases\n\nThe FIXED releases are available at the normal locations.\n\n## Workarounds\n\nEscape the untrusted data before using it as a key for tag helper methods.\n",
"id": "GSD-2022-27777",
"modified": "2022-04-26T00:00:00.000Z",
"published": "2022-04-26T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85"
},
{
"type": "WEB",
"url": "https://github.com/rails/rails/blob/7-0-stable/actionview/CHANGELOG.md#rails-7024-april-26-2022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.1,
"type": "CVSS_V3"
}
],
"summary": "Possible XSS Vulnerability in Action View tag helpers"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2022-27777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/rails/rails",
"version": {
"version_data": [
{
"version_value": "7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A XSS Vulnerability in Action View tag helpers \u003e= 5.2.0 and \u003c 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534",
"refsource": "MISC",
"url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534"
},
{
"name": "[debian-lts-announce] 20220903 [SECURITY] [DLA 3093-1] rails security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"
},
{
"name": "DSA-5372",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2023/dsa-5372"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2022-27777",
"cvss_v3": 6.1,
"date": "2022-04-26",
"description": "There is a possible XSS vulnerability in Action View tag helpers. Passing\nuntrusted input as hash keys can lead to a possible XSS vulnerability. This\nvulnerability has been assigned the CVE identifier CVE-2022-27777.\n\nVersions Affected: ALL\nNot affected: NONE\nFixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1\n\n## Impact\n\nIf untrusted data is passed as the hash key for tag attributes, there is a\npossibility that the untrusted data may not be properly escaped which can\nlead to an XSS vulnerability.\n\nImpacted code will look something like this:\n\n```\ncheck_box_tag(\u0027thename\u0027, \u0027thevalue\u0027, false, aria: { malicious_input =\u003e \u0027thevalueofaria\u0027 })\n```\n\nWhere the \"malicious_input\" variable contains untrusted data.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Releases\n\nThe FIXED releases are available at the normal locations.\n\n## Workarounds\n\nEscape the untrusted data before using it as a key for tag helper methods.\n",
"framework": "rails",
"gem": "actionview",
"ghsa": "ch3h-j2vf-95pv",
"patched_versions": [
"~\u003e 5.2.7, \u003e= 5.2.7.1",
"~\u003e 6.0.4, \u003e= 6.0.4.8",
"~\u003e 6.1.5, \u003e= 6.1.5.1",
"\u003e= 7.0.2.4"
],
"related": {
"url": [
"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85",
"https://github.com/rails/rails/blob/7-0-stable/actionview/CHANGELOG.md#rails-7024-april-26-2022"
]
},
"title": "Possible XSS Vulnerability in Action View tag helpers",
"url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c5.2.7.1||\u003e=6.0.0 \u003c6.0.4.8||\u003e=6.1.0 \u003c6.1.5.1||\u003e=7.0.0 \u003c7.0.2.4",
"affected_versions": "All versions before 5.2.7.1, all versions starting from 6.0.0 before 6.0.4.8, all versions starting from 6.1.0 before 6.1.5.1, all versions starting from 7.0.0 before 7.0.2.4",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2023-03-14",
"description": "A XSS Vulnerability in Action View tag helpers \u003e= 5.2.0 and \u003c 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.",
"fixed_versions": [
"5.2.7.1",
"6.0.4.8",
"6.1.5.1",
"7.0.2.4"
],
"identifier": "CVE-2022-27777",
"identifiers": [
"CVE-2022-27777"
],
"not_impacted": "All versions starting from 5.2.7.1 before 6.0.0, all versions starting from 6.0.4.8 before 6.1.0, all versions starting from 6.1.5.1 before 7.0.0, all versions starting from 7.0.2.4",
"package_slug": "gem/actionpack",
"pubdate": "2022-05-26",
"solution": "Upgrade to versions 5.2.7.1, 6.0.4.8, 6.1.5.1, 7.0.2.4 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-27777",
"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534"
],
"uuid": "d4af1141-dd8d-4221-98a0-6804ad4bc15b"
},
{
"affected_range": "\u003c=5.2.7.0||\u003e=6.0.0 \u003c=6.0.4.7||\u003e=6.1.0 \u003c=6.1.5.0||\u003e=7.0.0 \u003c=7.0.2.3",
"affected_versions": "All versions up to 5.2.7.0, all versions starting from 6.0.0 up to 6.0.4.7, all versions starting from 6.1.0 up to 6.1.5.0, all versions starting from 7.0.0 up to 7.0.2.3",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2022-04-27",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in actionview.",
"fixed_versions": [
"5.2.7.1",
"6.0.4.8",
"6.1.5.1",
"7.0.2.4"
],
"identifier": "GMS-2022-1138",
"identifiers": [
"GHSA-ch3h-j2vf-95pv",
"GMS-2022-1138",
"CVE-2022-27777"
],
"not_impacted": "All versions after 5.2.7.0 before 6.0.0, all versions after 6.0.4.7 before 6.1.0, all versions after 6.1.5.0 before 7.0.0, all versions after 7.0.2.3",
"package_slug": "gem/actionview",
"pubdate": "2022-04-27",
"solution": "Upgrade to versions 5.2.7.1, 6.0.4.8, 6.1.5.1, 7.0.2.4 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-27777",
"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85",
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml",
"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw",
"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released",
"https://github.com/advisories/GHSA-ch3h-j2vf-95pv"
],
"uuid": "26f3f4c4-2838-431b-80e7-f0fdf810c308"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.2.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.5.1",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:actionpack:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.4.8",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-assignments@hackerone.com",
"ID": "CVE-2022-27777"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A XSS Vulnerability in Action View tag helpers \u003e= 5.2.0 and \u003c 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534",
"refsource": "MISC",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534"
},
{
"name": "[debian-lts-announce] 20220903 [SECURITY] [DLA 3093-1] rails security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"
},
{
"name": "DSA-5372",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2023/dsa-5372"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-03-14T08:15Z",
"publishedDate": "2022-05-26T17:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…