CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23517 – Inefficient Regular Expression Complexity in rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23517
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Ciertas configuraciones de rails-html-sanitizer < 1.4.4 utilizan una expresión regular ineficiente que es susceptible a un retroceso excesivo al intentar sanitizar ciertos atributos SVG. • https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979 https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w https://hackerone.com/reports/1684163 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23517 https://bugzilla.redhat.com/show_bug.cgi?id=2153720 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3704 – Ruby on Rails _table.html.erb cross site scripting
https://notcve.org/view.php?id=CVE-2022-3704
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. • https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4 https://github.com/rails/rails/issues/46244 https://vuldb.com/?id.212319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-32209 – rubygem-rails-html-sanitizer: possible xss with certain configurations
https://notcve.org/view.php?id=CVE-2022-32209
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user). # Una Posible vulnerabilidad XSS en Rails::Html::Sanitizer Se presenta una posible vulnerabilidad XSS con determinadas configuraciones de Rails::Html::Sanitizer. Esta vulnerabilidad le ha sido asignada el identificador CVE CVE-2022-32209. Versiones afectadas: TODAS No se han visto afectadas: NONE Versiones Corregidas: v1.4.3## Impacto Una posible vulnerabilidad de tipo XSS con determinadas configuraciones de Rails::Html::Sanitizer puede permitir a un atacante inyectar contenido si el desarrollador de la aplicación ha anulado las etiquetas permitidas del saneador para permitir tanto los elementos "select" como "style". • https://hackerone.com/reports/1530898 https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47 https://access.redhat.com/security/cve/CVE-2022-32209 https://bugzilla.redhat.com/show_bug.cgi?id=2101882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2022-21831
https://notcve.org/view.php?id=CVE-2022-21831
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Se presenta una vulnerabilidad de inyección de código en Active Storage versiones posteriores a v5.2.0 incluyéndola, que podría permitir a un atacante ejecutar código por medio de argumentos image_processing • https://github.com/advisories/GHSA-w749-p3v6-hccq https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html https://security.netapp.com/advisory/ntap-20221118-0001 https://www.debian.org/security/2023/dsa-5372 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-27777 – tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers
https://notcve.org/view.php?id=CVE-2022-27777
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. Una vulnerabilidad de tipo XSS en Action View tag helpers versiones posteriores a 5.2.0 incluyéndola y versiones anteriores a 5.2.0, que permitiría a un atacante inyectar contenido si es capaz de controlar la entrada en atributos específicos A flaw was found in rubygem-actionview when untrusted data such as the hash key for tag attributes are not properly escaped. This flaw allows an attacker to perform a Cross-site scripting attack. • https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534 https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html https://www.debian.org/security/2023/dsa-5372 https://access.redhat.com/security/cve/CVE-2022-27777 https://bugzilla.redhat.com/show_bug.cgi?id=2080296 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •