CVE-2024-53985

NameCVE-2024-53985
Descriptionrails-html-sanitizer is responsible for sanitizing HTML fragments in R ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby-rails-html-sanitizer (PTS)bullseye1.3.0-1fixed
bullseye (security)1.3.0-1+deb11u1fixed
bookworm1.4.4-1fixed
trixie1.6.2-1fixed
forky, sid1.7.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby-rails-html-sanitizersource(unstable)(not affected)

Notes

- ruby-rails-html-sanitizer <not-affected> (Only affects 1.6.0)
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x
https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1 (v1.6.1)
https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505 (v1.6.1)
Search for package or bug name: Reporting problems