Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Description
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rails-html-sanitizerRubyGems | < 1.4.4 | 1.4.4 |
Affected products
12- ghsa-coords11 versionspkg:gem/rails-html-sanitizerpkg:rpm/opensuse/rubygem-rails-html-sanitizer&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/rubygem-rails-html-sanitizer&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/rubygem-rails-html-sanitizer&distro=openSUSE%20Tumbleweedpkg:rpm/suse/rubygem-rails-html-sanitizer&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1pkg:rpm/suse/rubygem-rails-html-sanitizer&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2pkg:rpm/suse/rubygem-rails-html-sanitizer&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3pkg:rpm/suse/rubygem-rails-html-sanitizer&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4pkg:rpm/suse/rubygem-rails-html-sanitizer&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/rubygem-rails-html-sanitizer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-rails-html-sanitizer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1.4.4+ 10 more
- (no CPE)range: < 1.4.4
- (no CPE)range: < 1.0.4-150000.4.6.1
- (no CPE)range: < 1.0.4-150000.4.6.1
- (no CPE)range: < 1.5.0-1.1
- (no CPE)range: < 1.0.4-150000.4.6.1
- (no CPE)range: < 1.0.4-150000.4.6.1
- (no CPE)range: < 1.0.4-150000.4.6.1
- (no CPE)range: < 1.0.4-150000.4.6.1
- (no CPE)range: < 1.0.4-150000.4.6.1
- (no CPE)range: < 1.0.3-8.14.1
- (no CPE)range: < 1.0.3-8.14.1
- Range: < 1.4.4
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-9h9g-93gc-623hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23519ghsaADVISORY
- github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623hghsax_refsource_CONFIRMWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23519.ymlghsaWEB
- hackerone.com/reports/1656627ghsax_refsource_MISCWEB
- lists.debian.org/debian-lts-announce/2023/09/msg00012.htmlghsaWEB
- lists.debian.org/debian-lts-announce/2024/09/msg00045.htmlghsaWEB
News mentions
0No linked articles in our index yet.