VYPR
Medium severity6.1NVD Advisory· Published Dec 14, 2022· Updated Jun 17, 2026

CVE-2022-23518

CVE-2022-23518

Description

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
rails-html-sanitizerRubyGems
>= 1.0.3, < 1.4.41.4.4

Affected products

12

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.