CVE-2022-23518

CVSS V2 None CVSS V3 None
Description
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Overview
  • CVE ID
  • CVE-2022-23518
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-14T17:15:10
  • Last Modified Date
  • 2022-12-16T19:17:58
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:loofah_project:loofah:*:*:*:*:*:ruby:*:* 1 OR 2.1.0
cpe:2.3:a:rails_html_sanitizer_project:rails_html_sanitizer:*:*:*:*:*:ruby:*:* 1 OR 1.0.3 1.4.4
History
Created Old Value New Value Data Type Notes
2022-12-14 18:15:35 Added to TrackCVE
2022-12-14 19:16:26 2022-12-14T17:15:10.713 2022-12-14T17:15:10 CVE Published Date updated
2022-12-14 19:16:26 2022-12-14T19:14:44 CVE Modified Date updated
2022-12-14 19:16:26 Received Awaiting Analysis Vulnerability Status updated
2022-12-14 19:16:27 CVSS V3 information new
2022-12-18 04:35:32 2022-12-16T19:17:58 CVE Modified Date updated
2022-12-18 04:35:33 Awaiting Analysis Analyzed Vulnerability Status updated
2022-12-18 04:35:42 CPE Information updated
2022-12-18 04:35:42 CVSS V3 information new