CVE-2022-23520

CVSS V2 None CVSS V3 None
Description
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.
Overview
  • CVE ID
  • CVE-2022-23520
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-14T18:15:17
  • Last Modified Date
  • 2022-12-16T21:38:13
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:rails_html_sanitizer_project:rails_html_sanitizer:*:*:*:*:*:ruby:*:* 1 OR 1.4.4
References
Reference URL Reference Tags
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
https://hackerone.com/reports/1654310
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-23520
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23520
History
Created Old Value New Value Data Type Notes
2022-12-14 19:16:32 Added to TrackCVE
2022-12-18 04:35:35 2022-12-14T18:15:17.560 2022-12-14T18:15:17 CVE Published Date updated
2022-12-18 04:35:35 2022-12-16T21:38:13 CVE Modified Date updated
2022-12-18 04:35:35 Awaiting Analysis Analyzed Vulnerability Status updated
2022-12-18 04:35:38 CWE-79 Weakness Enumeration new
2022-12-18 04:35:41 CPE Information updated