Bug 2330053 (CVE-2024-53987)
Summary: | CVE-2024-53987 rails-html-sanitizer: Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | akostadi, amasferr, cbartlet, chazlett, dmayorov, ehelms, ggainey, jlledo, juwatts, kaycoth, mhulan, mkudlej, mmakovy, nmoumoul, pcreech, rchan, smallamp, tjochec, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A cross-site scripting (XSS) vulnerability was found in certain configurations of rails-html-sanitizer. This issue may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags so that the "style" element is explicitly allowed and the "svg" or "math" element is not allowed.
Bug Depends On: | 2330073, 2330072 | ||
Bug Blocks: |
Description
OSIDB Bzimport
2024-12-02 22:01:06 UTC