Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Published: December 13, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2022-23518 (NVD)
- GHSA: GHSA-mcvf-2q2m-x72m
- Vendor Advisory: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
UNAFFECTED VERSIONS
< 1.0.3
PATCHED VERSIONS
>= 1.4.4
DESCRIPTION
Summary
rails-html-sanitizer >= 1.0.3, < 1.4.4 is vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0.
Mitigation
Upgrade to rails-html-sanitizer >= 1.4.4.