CVE-2022-23519

NameCVE-2022-23519
Descriptionrails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs1027153

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby-rails-html-sanitizer (PTS)buster1.0.4-1vulnerable
buster (security)1.0.4-1+deb10u1vulnerable
bullseye1.3.0-1vulnerable
bookworm, sid1.4.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby-rails-html-sanitizersource(unstable)1.4.4-11027153

Notes

[buster] - ruby-rails-html-sanitizer <postponed> (Minor issue can be fixed later)
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Search for package or bug name: Reporting problems