CVE-2022-23517

Inefficient Regular Expression Complexity in rails-html-sanitizer

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.

rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Ciertas configuraciones de rails-html-sanitizer < 1.4.4 utilizan una expresión regular ineficiente que es susceptible a un retroceso excesivo al intentar sanitizar ciertos atributos SVG. Esto puede provocar una denegación de servicio a través del consumo de recursos de CPU. Este problema se ha corregido en la versión 1.4.4.

An inefficient Regular Expression vulnerability was found in rubygem rails-html-sanitizer. Certain configurations are susceptible to excessive backtracking, leading to a denial of service through CPU resource consumption.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-12-14 CVE Published
2024-08-04 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1333: Inefficient Regular Expression Complexity

CAPEC

References (5)

URL	Tag	Source
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979	2024-02-01

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-23517	2023-05-03
https://bugzilla.redhat.com/show_bug.cgi?id=2153720	2023-05-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rubyonrails Search vendor "Rubyonrails"		Rails Html Sanitizers Search vendor "Rubyonrails" for product "Rails Html Sanitizers"				< 1.4.4 Search vendor "Rubyonrails" for product "Rails Html Sanitizers" and version " < 1.4.4"		rails		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected