CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2023-22795 – rubygem-actionpack: Denial of Service in Action Dispatch
https://notcve.org/view.php?id=CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in Action Dispatch related to the If-None-Match header. • https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118 https://security.netapp.com/advisory/ntap-20240202-0010 https://www.debian.org/security/2023/dsa-5372 https://access.redhat.com/security/cve/CVE-2023-22795 https://bugzilla.redhat.com/show_bug.cgi?id=2164799 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25015
https://notcve.org/view.php?id=CVE-2023-25015
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. • https://github.com/ankane/clockwork_web/commit/ec2896503ee231588547c2fad4cb93a94e78f857 https://github.com/ankane/clockwork_web/compare/v0.1.1...v0.1.2 https://github.com/ankane/clockwork_web/issues/4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23520 – rails-html-sanitizer contains an incomplete fix for an XSS vulnerability
https://notcve.org/view.php?id=CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8 https://hackerone.com/reports/1654310 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23520 https://bugzilla.redhat.com/show_bug.cgi?id=2153751 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23519 – Possible XSS vulnerability with certain configurations of rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h https://hackerone.com/reports/1656627 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23519 https://bugzilla.redhat.com/show_bug.cgi?id=2153744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23518 – Improper neutralization of data URIs allows XSS in rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Las versiones >= 1.0.3, < 1.4.4 son vulnerables a Cross-Site Scripting (XSS) a través de URI de datos cuando se usan en combinación con Loofah >= 2.1.0. Este problema está parcheado en la versión 1.4.4. • https://github.com/rails/rails-html-sanitizer/issues/135 https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m https://hackerone.com/reports/1694173 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23518 https://bugzilla.redhat.com/show_bug.cgi?id=2153701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •