Bug 2101882 (CVE-2022-32209)
Summary: | CVE-2022-32209 rubygem-rails-html-sanitizer: possible xss with certain configurations | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | bbuckingham, bcourt, ehelms, jaruga, jsherril, lzap, mhulan, mvanderw, nmoumoul, orabin, pcreech, pvalena, rchan, ruby-packagers-sig, strzibny, vondruch |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A Cross-site scripting (XSS) vulnerability exists in ruby on rails. This issue could allow an attacker to inject content into the application, leading to loss of integrity and confidentiality.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2101883, 2102690, 2102691 | ||
Bug Blocks: | 2101884 |
Description
Marian Rehak
2022-06-28 15:55:05 UTC
Created rubygem-rails-html-sanitizer tracking bugs for this issue: Affects: fedora-all [bug 2101883] https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800 Versions Affected: ALL Fixed Versions: v1.4.3 https://rubygems.org/gems/rails-html-sanitizer The latest version is 1.4.3. The current versions are below. https://src.fedoraproject.org/rpms/rubygem-rails-html-sanitizer Fedora 37 rubygem-rails-html-sanitizer-1.4.2-2.fc36 Fedora 36 rubygem-rails-html-sanitizer-1.4.2-2.fc36 Fedora 35 rubygem-rails-html-sanitizer-1.4.2-1.fc35 The rubygem-rails-html-sanitizer is FTBFS on rawhide, and one of the gems needed by Ruby on Rails. https://koschei.fedoraproject.org/package/rubygem-rails-html-sanitizer This issue has been addressed in the following products: Red Hat Satellite 6.12 for RHEL 8 Via RHSA-2022:8506 https://access.redhat.com/errata/RHSA-2022:8506 |