CVSSv3: 7.5

CVE-2022-23517

Published: 14/12/2022 Updated: 01/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

rails-html-sanitizer sanitizes HTML fragments in Rails applications. In certain configurations, versions of rails-html-sanitizer before 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when sanitizing certain SVG attributes. A crafted fragment can therefore drive CPU consumption high enough to cause a denial of service. The issue is fixed in version 1.4.4.
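The following Ruby script is an added illustration for this advisory, not code from rails-html-sanitizer or from the fix. BACKTRACKING_RE and LINEAR_RE are constructed stand-ins that show the class of bug (a nested-quantifier pattern over overlapping whitespace that a backtracking engine explores exponentially on a near-miss input) next to an unambiguous rewrite of the same language; the real regex that 1.4.4 changed is not reproduced here. The helpers hostile_attribute, match_seconds, vulnerable_version? and installed_sanitizer_vulnerable? are hypothetical names introduced for the example; the version check uses the 1.4.4 boundary stated above.

```ruby
# Added example for CVE-2022-23517; not rails-html-sanitizer's own code.
# BACKTRACKING_RE and LINEAR_RE are constructed stand-ins for the failure
# mode (nested quantifiers over overlapping whitespace), not the regex that
# 1.4.4 actually fixed.
require 'benchmark'
require 'rubygems'

# Pathological: every space between tokens can be eaten by the trailing \s*
# of one group or the leading \s* of the next, so a near-miss value (no final
# ';') makes a backtracking engine try roughly 2^n partitions before failing.
BACKTRACKING_RE = /\A(\s*[\w-]+\s*)*;\z/

# Same language, but each character has exactly one way to be consumed:
# optional leading space, tokens separated by whitespace, optional trailing
# space, then the mandatory ';'.
LINEAR_RE = /\A(?:\s*[\w-]+(?:\s+[\w-]+)*\s*)?;\z/

FIXED_VERSION = Gem::Version.new('1.4.4')

# True when a rails-html-sanitizer version string is affected (< 1.4.4).
def vulnerable_version?(version_string)
  Gem::Version.new(version_string) < FIXED_VERSION
end

# Constructed "SVG attribute value" of n tokens that almost matches: the '!'
# where ';' is expected forces the engine to exhaust every partition.
def hostile_attribute(n)
  (['a'] * n).join(' ') + '!'
end

# Seconds taken for `re` to reject the hostile input of n tokens.
def match_seconds(re, n)
  input = hostile_attribute(n)
  Benchmark.realtime { re.match?(input) }
end

# Both patterns must agree on ordinary inputs, or the rewrite changed meaning.
def accepts_same_inputs?(samples)
  samples.all? { |s| BACKTRACKING_RE.match?(s) == LINEAR_RE.match?(s) }
end

# Inspect the gem loaded by this process, if any; nil when it is not loaded.
def installed_sanitizer_vulnerable?
  spec = Gem.loaded_specs['rails-html-sanitizer']
  spec ? vulnerable_version?(spec.version.to_s) : nil
end

if __FILE__ == $PROGRAM_NAME
  # Ruby 3.2+ can cap any single match; older Rubies have no such knob and
  # must rely on upgrading the gem.
  Regexp.timeout = 2.0 if Regexp.respond_to?(:timeout=)

  puts "semantics preserved: #{accepts_same_inputs?(['fill ;', ' a  b ;', ';', '  ;', 'a b', 'a ;b;'])}"
  [10, 14, 18].each do |n|
    printf("n=%2d  backtracking %.4fs  linear %.6fs\n",
           n, match_seconds(BACKTRACKING_RE, n), match_seconds(LINEAR_RE, n))
  end
  # On Ruby < 3.2 the backtracking column grows roughly 16x per step of 4;
  # on 3.2+ the engine's match memoization typically keeps it flat, which is
  # a mitigation, not a reason to skip the upgrade.
  puts "1.4.3 vulnerable? #{vulnerable_version?('1.4.3')}  1.4.4 vulnerable? #{vulnerable_version?('1.4.4')}"
  puts "loaded gem vulnerable? #{installed_sanitizer_vulnerable?.inspect}"
end
```

Run it under Ruby 3.1 and 3.2 to see why the upgrade, not the interpreter, is the fix: the older engine shows the exponential column, the newer one hides it, and a sanitizer that still ships the inefficient pattern is one deployment change away from the slow path again.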


Vulnerable Products

rubyonrails rails-html-sanitizer

debian debian linux 10.0

Vendor Advisories

Synopsis: Important: Satellite 6.13 Release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes ...
Debian Bug report logs - #1027153 ruby-rails-html-sanitizer: CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520. Package: src:ruby-rails-html-sanitizer; Maintainer for src:ruby-rails-html-sanitizer is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil ...
Description: The MITRE CVE dictionary describes this issue as: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This m ...