CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23527 – Open Redirect in oidc_validate_redirect_url()
https://notcve.org/view.php?id=CVE-2022-23527
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. • https://github.com/zmartzone/mod_auth_openidc/blob/v2.4.12.1/auth_openidc.conf#L975-L984 https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53 https://lists.debian.org/debian-lts-announce/2023/07/msg00020.html https://access.redhat.com/security/cve/CVE-2022-23527 https://bugzilla.redhat.com/show_bug.cgi?id=2153655 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23520 – rails-html-sanitizer contains an incomplete fix for an XSS vulnerability
https://notcve.org/view.php?id=CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8 https://hackerone.com/reports/1654310 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23520 https://bugzilla.redhat.com/show_bug.cgi?id=2153751 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23519 – Possible XSS vulnerability with certain configurations of rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h https://hackerone.com/reports/1656627 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23519 https://bugzilla.redhat.com/show_bug.cgi?id=2153744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23518 – Improper neutralization of data URIs allows XSS in rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Las versiones >= 1.0.3, < 1.4.4 son vulnerables a Cross-Site Scripting (XSS) a través de URI de datos cuando se usan en combinación con Loofah >= 2.1.0. Este problema está parcheado en la versión 1.4.4. • https://github.com/rails/rails-html-sanitizer/issues/135 https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m https://hackerone.com/reports/1694173 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23518 https://bugzilla.redhat.com/show_bug.cgi?id=2153701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23517 – Inefficient Regular Expression Complexity in rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23517
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Ciertas configuraciones de rails-html-sanitizer < 1.4.4 utilizan una expresión regular ineficiente que es susceptible a un retroceso excesivo al intentar sanitizar ciertos atributos SVG. • https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979 https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w https://hackerone.com/reports/1684163 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23517 https://bugzilla.redhat.com/show_bug.cgi?id=2153720 • CWE-1333: Inefficient Regular Expression Complexity •