Bug 2153751 (CVE-2022-23520) - CVE-2022-23520 rubygem-rails-html-sanitizer: Cross site scripting vulnerability with certain configurations
Summary: CVE-2022-23520 rubygem-rails-html-sanitizer: Cross site scripting vulnerabili...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-23520
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2153753 2153724 2153725 2153752 2153755
Blocks: 2153085
Reported: 2022-12-15 10:52 UTC by ybuenos
Modified: 2023-05-03 23:14 UTC (History)
CC: 16 users

Fixed In Version: rubygem-rails-html-sanitizer 1.4.4
Doc Type: ---
Doc Text:
A Cross-site scripting vulnerability was found in rails-html-sanitizer. Certain configurations of rails-html-sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags.
Clone Of:
Environment:
Last Closed: 2023-05-03 23:14:22 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:2097 0 None None None 2023-05-03 13:20:25 UTC

Description ybuenos 2022-12-15 10:52:25 UTC
In Rails-html-sanitizer prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.
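
The affected configuration in the report above is narrow: the gem is older than 1.4.4 and the application has globally overridden the sanitizer's allowed tags so that both "select" and "style" are present. The following audit helper, added here as an example and not part of the Bugzilla report or the rails-html-sanitizer project, encodes exactly that condition and the advisory's workaround (drop one of the two tags). It needs no Rails install: the version boundary and tag pair come from the report, while the helper names (`affected?`, `mitigated_tags`, `audit`) and the sample allow-lists are constructed for illustration. It assumes the override in question is the global `Rails::Html::SafeListSanitizer.allowed_tags` assignment; per-call `:tags` overrides are, as the report notes, not impacted.

```ruby
# Audit helper for the CVE-2022-23520 configuration (added example, not
# project code). Checks a gem version plus a global allowed-tags override
# against the condition stated in the advisory and applies its workaround.
require "rubygems" # Gem::Version comparison (standard library)
require "set"

FIXED_VERSION = Gem::Version.new("1.4.4").freeze # from the advisory
RISKY_PAIR    = %w[select style].freeze          # both must be allowed to be affected

# True only when the installed rails-html-sanitizer is older than the fix AND
# the global allow-list override contains both "select" and "style".
# A nil override means the default safe list is in use, which is not impacted.
def affected?(gem_version, allowed_tags)
  return false if allowed_tags.nil?
  tags = allowed_tags.map(&:to_s) # accept Set, Array, strings or symbols
  Gem::Version.new(gem_version) < FIXED_VERSION && (RISKY_PAIR - tags).empty?
end

# Workaround from the advisory: remove either "select" or "style" from the
# override. Dropping "style" is the default here because inline <style> is
# rarely needed in sanitized user content; pass drop: "select" to keep it.
def mitigated_tags(allowed_tags, drop: "style")
  raise ArgumentError, "drop must be one of #{RISKY_PAIR}" unless RISKY_PAIR.include?(drop)
  allowed_tags.map(&:to_s).reject { |t| t == drop }
end

# Summarises the finding for an operator: whether the app is affected and
# which remediation applies (upgrade, or trim the override).
def audit(gem_version, allowed_tags)
  if affected?(gem_version, allowed_tags)
    {
      affected: true,
      remediation: "upgrade rails-html-sanitizer to >= #{FIXED_VERSION} " \
                   "or set allowed_tags to #{mitigated_tags(allowed_tags).inspect}",
    }
  else
    { affected: false, remediation: nil }
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: an app that widened the global allow-list.
  sample_override = Set.new(%w[p a b i select style])
  puts audit("1.4.3", sample_override).inspect
  puts audit("1.4.4", sample_override).inspect
end
```

The `audit` output is meant to be read alongside a dependency inventory (e.g. the `rails-html-sanitizer` line in `Gemfile.lock`) and a grep of the app's initializers for `allowed_tags`; the version check alone is not enough, because an application on an old gem that never overrides the allow-list is not affected by this CVE.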

Comment 1 ybuenos 2022-12-15 10:53:49 UTC
Created rubygem-rails-html-sanitizer tracking bugs for this issue:

Affects: fedora-36 [bug 2153752]
Affects: fedora-37 [bug 2153753]

Comment 5 errata-xmlrpc 2023-05-03 13:20:23 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.13 for RHEL 8

Via RHSA-2023:2097 https://access.redhat.com/errata/RHSA-2023:2097

Comment 6 Product Security DevOps Team 2023-05-03 23:14:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-23520
