Vulnerability-Lookup

CVE-2022-23519 (GCVE-0-2022-23519)

Vulnerability from cvelistv5 – Published: 2022-12-14 16:50 – Updated: 2025-11-03 21:46

Title

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Summary

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	rails	rails-html-sanitizer	Affected: < 1.4.4

FKIE_CVE-2022-23519

Vulnerability from fkie_nvd - Published: 2022-12-14 17:15 - Updated: 2025-11-03 22:15

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h	Exploit, Third Party Advisory
security-advisories@github.com	https://hackerone.com/reports/1656627	Exploit, Third Party Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://hackerone.com/reports/1656627	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html

Impacted products

	Vendor	Product	Version
	rubyonrails	rails_html_sanitizers	*
	debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
              "matchCriteriaId": "CC2FBD9D-39C2-4D54-83B6-B3C334623A8D",
              "versionEndExcluding": "1.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways: allow both \"math\" and \"style\" elements,  or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags."
    },
    {
      "lang": "es",
      "value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Antes de la versi\u00f3n 1.4.4, una posible vulnerabilidad XSS con ciertas configuraciones de Rails::Html::Sanitizer pod\u00eda permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\u00f3n hab\u00eda anulado las etiquetas permitidas del sanitizador de cualquiera de las siguientes maneras: permitir ambas \"math \" y \"syle\", o permitir elementos \"svg\" y \"style\". El c\u00f3digo solo se ve afectado si se anulan las etiquetas permitidas. . Este problema se solucion\u00f3 en la versi\u00f3n 1.4.4. Todos los usuarios que anulen las etiquetas permitidas para incluir \"math\" o \"svg\" y \"style\" deben actualizar o utilizar el siguiente workaround inmediatamente: eliminar \"style\" de las etiquetas permitidas anuladas, o eliminar \"math\" y \"svg\" de la etiquetas permitidas anuladas."
    }
  ],
  "id": "CVE-2022-23519",
  "lastModified": "2025-11-03T22:15:56.660",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-14T17:15:11.067",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1656627"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1656627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9H9G-93GC-623H

Vulnerability from github – Published: 2022-12-13 17:50 – Updated: 2025-11-04 16:41

Summary

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Details

Summary

There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.

Versions affected: ALL
Not affected: NONE
Fixed versions: 1.4.4

Impact

A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways:

allow both "math" and "style" elements,
or allow both "svg" and "style" elements

Code is only impacted if allowed tags are being overridden. Applications may be doing this in four different ways:

using application configuration:

ruby # In config/application.rb config.action_view.sanitized_allowed_tags = ["math", "style"] # or config.action_view.sanitized_allowed_tags = ["svg", "style"]

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

using a :tags option to the Action View helper sanitize:

<%= sanitize @comment.body, tags: ["math", "style"] %> <%# or %> <%= sanitize @comment.body, tags: ["svg", "style"] %>

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

using Rails::Html::SafeListSanitizer class method allowed_tags=:

ruby # class-level option Rails::Html::SafeListSanitizer.allowed_tags = ["math", "style"] # or Rails::Html::SafeListSanitizer.allowed_tags = ["svg", "style"]

using a :tags options to the Rails::Html::SafeListSanitizer instance method sanitize:

ruby # instance-level option Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "style"]) # or Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["svg", "style"])

All users overriding the allowed tags by any of the above mechanisms to include (("math" or "svg") and "style") should either upgrade or use one of the workarounds immediately.

Workarounds

Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.

References

CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)
https://hackerone.com/reports/1656627

Credit

This vulnerability was responsibly reported by Dominic Breuker.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rails-html-sanitizer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T17:50:25Z",
    "nvd_published_at": "2022-12-14T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.\n\n- Versions affected: ALL\n- Not affected: NONE\n- Fixed versions: 1.4.4\n\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways:\n\n- allow both \"math\" and \"style\" elements,\n- or allow both \"svg\" and \"style\" elements\n\nCode is only impacted if allowed tags are being overridden. Applications may be doing this in four different ways:\n\n1. using application configuration:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n  # or\n  config.action_view.sanitized_allowed_tags = [\"svg\", \"style\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  \u003c%= sanitize @comment.body, tags: [\"math\", \"style\"] %\u003e\n  \u003c%# or %\u003e\n  \u003c%= sanitize @comment.body, tags: [\"svg\", \"style\"] %\u003e\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. using Rails::Html::SafeListSanitizer class method `allowed_tags=`:\n\n  ```ruby\n  # class-level option\n  Rails::Html::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n  # or\n  Rails::Html::SafeListSanitizer.allowed_tags = [\"svg\", \"style\"]\n  ```\n\n4. using a `:tags` options to the Rails::Html::SafeListSanitizer instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n  # or\n  Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"svg\", \"style\"])\n  ```\n\nAll users overriding the allowed tags by any of the above mechanisms to include ((\"math\" or \"svg\") and \"style\") should either upgrade or use one of the workarounds immediately.\n\n\n## Workarounds\n\nRemove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- https://hackerone.com/reports/1656627\n\n\n## Credit\n\nThis vulnerability was responsibly reported by Dominic Breuker.",
  "id": "GHSA-9h9g-93gc-623h",
  "modified": "2025-11-04T16:41:59Z",
  "published": "2022-12-13T17:50:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23519"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1656627"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rails/rails-html-sanitizer"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23519.yml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer"
}

GSD-2022-23519

Vulnerability from gsd - Updated: 2022-12-13 00:00

Details

## Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 ## Impact A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: - allow both "math" and "style" elements, - or allow both "svg" and "style" elements Code is only impacted if allowed tags are being overridden. Applications may be doing this in four different ways: 1. using application configuration: ```ruby # In config/application.rb config.action_view.sanitized_allowed_tags = ["math", "style"] # or config.action_view.sanitized_allowed_tags = ["svg", "style"] ``` see https://guides.rubyonrails.org/configuring.html#configuring-action-view 2. using a `:tags` option to the Action View helper `sanitize`: ``` <%= sanitize @comment.body, tags: ["math", "style"] %> <%# or %> <%= sanitize @comment.body, tags: ["svg", "style"] %> ``` see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize 3. using Rails::Html::SafeListSanitizer class method `allowed_tags=`: ```ruby # class-level option Rails::Html::SafeListSanitizer.allowed_tags = ["math", "style"] # or Rails::Html::SafeListSanitizer.allowed_tags = ["svg", "style"] ``` 4. using a `:tags` options to the Rails::Html::SafeListSanitizer instance method `sanitize`: ```ruby # instance-level option Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["math", "style"]) # or Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["svg", "style"]) ``` All users overriding the allowed tags by any of the above mechanisms to include (("math" or "svg") and "style") should either upgrade or use one of the workarounds immediately. ## Workarounds Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.

Aliases

CVE-2022-23519

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-23519",
    "id": "GSD-2022-23519",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-23519.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rails-html-sanitizer",
            "purl": "pkg:gem/rails-html-sanitizer"
          }
        }
      ],
      "aliases": [
        "CVE-2022-23519",
        "GHSA-9h9g-93gc-623h"
      ],
      "details": "## Summary\n\nThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.\n\n- Versions affected: ALL\n- Not affected: NONE\n- Fixed versions: 1.4.4\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways:\n\n- allow both \"math\" and \"style\" elements,\n- or allow both \"svg\" and \"style\" elements\n\nCode is only impacted if allowed tags are being overridden. Applications may be doing this in four different ways:\n\n1. using application configuration:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n  # or\n  config.action_view.sanitized_allowed_tags = [\"svg\", \"style\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  \u003c%= sanitize @comment.body, tags: [\"math\", \"style\"] %\u003e\n  \u003c%# or %\u003e\n  \u003c%= sanitize @comment.body, tags: [\"svg\", \"style\"] %\u003e\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. using Rails::Html::SafeListSanitizer class method `allowed_tags=`:\n\n  ```ruby\n  # class-level option\n  Rails::Html::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n  # or\n  Rails::Html::SafeListSanitizer.allowed_tags = [\"svg\", \"style\"]\n  ```\n\n4. using a `:tags` options to the Rails::Html::SafeListSanitizer instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n  # or\n  Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"svg\", \"style\"])\n  ```\n\nAll users overriding the allowed tags by any of the above mechanisms to include ((\"math\" or \"svg\") and \"style\") should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\n\nRemove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n",
      "id": "GSD-2022-23519",
      "modified": "2022-12-13T00:00:00.000Z",
      "published": "2022-12-13T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
        },
        {
          "type": "WEB",
          "url": "https://cwe.mitre.org/data/definitions/79.html"
        },
        {
          "type": "WEB",
          "url": "https://hackerone.com/reports/1656627"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 6.1,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-23519",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "rails-html-sanitizer",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.4.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "rails"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways: allow both \"math\" and \"style\" elements,  or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-79",
                "lang": "eng",
                "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h",
            "refsource": "MISC",
            "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
          },
          {
            "name": "https://hackerone.com/reports/1656627",
            "refsource": "MISC",
            "url": "https://hackerone.com/reports/1656627"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-9h9g-93gc-623h",
        "discovery": "UNKNOWN"
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2022-23519",
      "cvss_v3": 6.1,
      "date": "2022-12-13",
      "description": "## Summary\n\nThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.\n\n- Versions affected: ALL\n- Not affected: NONE\n- Fixed versions: 1.4.4\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways:\n\n- allow both \"math\" and \"style\" elements,\n- or allow both \"svg\" and \"style\" elements\n\nCode is only impacted if allowed tags are being overridden. Applications may be doing this in four different ways:\n\n1. using application configuration:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n  # or\n  config.action_view.sanitized_allowed_tags = [\"svg\", \"style\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  \u003c%= sanitize @comment.body, tags: [\"math\", \"style\"] %\u003e\n  \u003c%# or %\u003e\n  \u003c%= sanitize @comment.body, tags: [\"svg\", \"style\"] %\u003e\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. using Rails::Html::SafeListSanitizer class method `allowed_tags=`:\n\n  ```ruby\n  # class-level option\n  Rails::Html::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n  # or\n  Rails::Html::SafeListSanitizer.allowed_tags = [\"svg\", \"style\"]\n  ```\n\n4. using a `:tags` options to the Rails::Html::SafeListSanitizer instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n  # or\n  Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"svg\", \"style\"])\n  ```\n\nAll users overriding the allowed tags by any of the above mechanisms to include ((\"math\" or \"svg\") and \"style\") should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\n\nRemove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n",
      "gem": "rails-html-sanitizer",
      "ghsa": "9h9g-93gc-623h",
      "patched_versions": [
        "\u003e= 1.4.4"
      ],
      "related": {
        "url": [
          "https://cwe.mitre.org/data/definitions/79.html",
          "https://hackerone.com/reports/1656627"
        ]
      },
      "title": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer",
      "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.4.4",
          "affected_versions": "All versions before 1.4.4",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-12-16",
          "description": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.",
          "fixed_versions": [
            "1.4.4"
          ],
          "identifier": "CVE-2022-23519",
          "identifiers": [
            "CVE-2022-23519",
            "GHSA-9h9g-93gc-623h",
            "GMS-2022-8299"
          ],
          "not_impacted": "All versions starting from 1.4.4",
          "package_slug": "gem/rails-html-sanitizer",
          "pubdate": "2022-12-14",
          "solution": "Upgrade to version 1.4.4 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23519",
            "https://hackerone.com/reports/1656627",
            "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h",
            "https://github.com/advisories/GHSA-9h9g-93gc-623h"
          ],
          "uuid": "14e9e407-48cc-4c20-ac86-39f71f55fc99"
        },
        {
          "affected_range": "\u003c0",
          "affected_versions": "All versions before 1.4.4",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-12-13",
          "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in rails-html-sanitizer.",
          "fixed_versions": [
            "1.4.4"
          ],
          "identifier": "GMS-2022-8299",
          "identifiers": [
            "GHSA-9h9g-93gc-623h",
            "GMS-2022-8299",
            "CVE-2022-23519"
          ],
          "not_impacted": "All versions starting from 1.4.4",
          "package_slug": "gem/rails-html-sanitizer",
          "pubdate": "2022-12-13",
          "solution": "Upgrade to version 1.4.4 or above.",
          "title": "Duplicate of ./gem/rails-html-sanitizer/CVE-2022-23519.yml",
          "urls": [
            "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h",
            "https://hackerone.com/reports/1656627",
            "https://github.com/advisories/GHSA-9h9g-93gc-623h"
          ],
          "uuid": "3579ccc6-601e-412d-9f40-02327e052d2d"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:rubyonrails:rails_html_sanitizers:*:*:*:*:*:rails:*:*",
                    "matchCriteriaId": "CC2FBD9D-39C2-4D54-83B6-B3C334623A8D",
                    "versionEndExcluding": "1.4.4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer\u0027s allowed tags in either of the following ways: allow both \"math\" and \"style\" elements,  or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.\n"
          },
          {
            "lang": "es",
            "value": "rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Antes de la versi\u00f3n 1.4.4, una posible vulnerabilidad XSS con ciertas configuraciones de Rails::Html::Sanitizer pod\u00eda permitir a un atacante inyectar contenido si el desarrollador de la aplicaci\u00f3n hab\u00eda anulado las etiquetas permitidas del sanitizador de cualquiera de las siguientes maneras: permitir ambas \"math \" y \"syle\", o permitir elementos \"svg\" y \"style\". El c\u00f3digo solo se ve afectado si se anulan las etiquetas permitidas. . Este problema se solucion\u00f3 en la versi\u00f3n 1.4.4. Todos los usuarios que anulen las etiquetas permitidas para incluir \"math\" o \"svg\" y \"style\" deben actualizar o utilizar el siguiente workaround inmediatamente: eliminar \"style\" de las etiquetas permitidas anuladas, o eliminar \"math\" y \"svg\" de la etiquetas permitidas anuladas."
          }
        ],
        "id": "CVE-2022-23519",
        "lastModified": "2024-02-01T15:59:04.693",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 2.7,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2022-12-14T17:15:11.067",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://hackerone.com/reports/1656627"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

CVE-2022-23519

Vulnerability from fstec - Published: 14.12.2022

Title

Уязвимость реализации конфигурации инструмента очистки HTML для приложений Rails Rails Html Sanitizer, связанная с неправильной нейтрализацией входных данных во время генерации веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки

Description

Уязвимость реализации конфигурации инструмента очистки HTML для приложений Rails Rails Html Sanitizer связана с внедрением контента, если разработчик приложения переопределил разрешенные теги "math" и "style" или "svg" и "style". Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить межсайтовые сценарные атаки

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vendor

ООО «Ред Софт», АО "НППКТ", Rails Core Team

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Rails Html Sanitizer

Software Version

7.3 (РЕД ОС), до 2.9 (ОСОН ОСнова Оnyx), до 1.4.4 (Rails Html Sanitizer)

Possible Mitigations

Для Rails Html Sanitizer: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d https://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082 https://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОСОН ОСнова Оnyx: Обновление программного обеспечения ruby-rails-html-sanitizer до версии 1.0.4-1+deb10u2

Reference

https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md https://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082 https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b https://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h https://redos.red-soft.ru/support/secure/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/

CWE

CWE-79

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", Rails Core Team",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 1.4.4 (Rails Html Sanitizer)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Rails Html Sanitizer:\nhttps://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h\nhttps://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md\nhttps://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d\nhttps://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082\nhttps://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c\nhttps://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx: \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f ruby-rails-html-sanitizer \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.0.4-1+deb10u2",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.12.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.08.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06512",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-23519",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Rails Html Sanitizer",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 HTML \u0434\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Rails Rails Html Sanitizer, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043e\u0447\u0438\u0441\u0442\u043a\u0438 HTML \u0434\u043b\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Rails Rails Html Sanitizer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430, \u0435\u0441\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u043b \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \u0442\u0435\u0433\u0438 \"math\" \u0438 \"style\" \u0438\u043b\u0438 \"svg\" \u0438 \"style\". \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md\nhttps://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082\nhttps://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b\nhttps://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c\nhttps://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d\nhttps://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h\nhttps://redos.red-soft.ru/support/secure/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-23519 (GCVE-0-2022-23519)

FKIE_CVE-2022-23519

GHSA-9H9G-93GC-623H

Summary

Impact

Workarounds

References

Credit

GSD-2022-23519

CVE-2022-23519

Tags

Sightings

Nomenclature