CVE-2022-23519

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.

rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Antes de la versión 1.4.4, una posible vulnerabilidad XSS con ciertas configuraciones de Rails::Html::Sanitizer podía permitir a un atacante inyectar contenido si el desarrollador de la aplicación había anulado las etiquetas permitidas del sanitizador de cualquiera de las siguientes maneras: permitir ambas "math " y "syle", o permitir elementos "svg" y "style". El código solo se ve afectado si se anulan las etiquetas permitidas. . Este problema se solucionó en la versión 1.4.4. Todos los usuarios que anulen las etiquetas permitidas para incluir "math" o "svg" y "style" deben actualizar o utilizar el siguiente workaround inmediatamente: eliminar "style" de las etiquetas permitidas anuladas, o eliminar "math" y "svg" de la etiquetas permitidas anuladas.

A Cross-site scripting vulnerability was found in rails-html-sanitizer. Certain configurations of rails-html-sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-12-14 CVE Published
2024-07-06 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (5)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html	Mailing List

URL	Date	SRC
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h	2024-08-03
https://hackerone.com/reports/1656627	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-23519	2023-05-03
https://bugzilla.redhat.com/show_bug.cgi?id=2153744	2023-05-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rubyonrails Search vendor "Rubyonrails"		Rails Html Sanitizers Search vendor "Rubyonrails" for product "Rails Html Sanitizers"				< 1.4.4 Search vendor "Rubyonrails" for product "Rails Html Sanitizers" and version " < 1.4.4"		rails		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected