Vulnerabilites related to sanitize_project - sanitize
cve-2020-4054
Vulnerability from cvelistv5
Published
2020-06-16 22:10
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m | x_refsource_CONFIRM | |
| https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9 | x_refsource_MISC | |
| https://github.com/rgrove/sanitize/releases/tag/v5.2.1 | x_refsource_MISC | |
| https://www.debian.org/security/2020/dsa-4730 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/4543-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:52:20.925Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1", }, { name: "DSA-4730", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4730", }, { name: "USN-4543-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4543-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Sanitize", vendor: "rgrove", versions: [ { status: "affected", version: ">= 3.0.0, < 5.2.1", }, ], }, ], descriptions: [ { lang: "en", value: "In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's \"relaxed\" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-28T19:06:13", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1", }, { name: "DSA-4730", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4730", }, { name: "USN-4543-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4543-1/", }, ], source: { advisory: "GHSA-p4x4-rw2p-8j8m", discovery: "UNKNOWN", }, title: "Cross-site Scripting in Sanitize", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-4054", STATE: "PUBLIC", TITLE: "Cross-site Scripting in Sanitize", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Sanitize", version: { version_data: [ { version_value: ">= 3.0.0, < 5.2.1", }, ], }, }, ], }, vendor_name: "rgrove", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's \"relaxed\" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m", refsource: "CONFIRM", url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m", }, { name: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9", refsource: "MISC", url: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9", }, { name: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1", refsource: "MISC", url: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1", }, { name: "DSA-4730", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4730", }, { name: "USN-4543-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4543-1/", }, ], }, source: { advisory: "GHSA-p4x4-rw2p-8j8m", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-4054", datePublished: "2020-06-16T22:10:13", dateReserved: "2019-12-30T00:00:00", dateUpdated: "2024-08-04T07:52:20.925Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23627
Vulnerability from cvelistv5
Published
2023-01-27 23:44
Modified
2025-03-10 21:17
Severity ?
EPSS score ?
Summary
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include `noscript` in the element allowlist.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:35:33.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-23627", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-10T20:58:50.279686Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-10T21:17:49.562Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "sanitize", vendor: "rgrove", versions: [ { status: "affected", version: ">= 5.0.0, < 6.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include `noscript` in the element allowlist.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-27T23:44:17.617Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7", }, ], source: { advisory: "GHSA-fw3g-2h3j-qmm7", discovery: "UNKNOWN", }, title: "Sanitize vulnerable to Cross-site Scripting via Improper neutralization of `noscript` element", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-23627", datePublished: "2023-01-27T23:44:17.617Z", dateReserved: "2023-01-16T17:07:46.244Z", dateUpdated: "2025-03-10T21:17:49.562Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-3740
Vulnerability from cvelistv5
Published
2018-03-30 19:00
Modified
2024-08-05 04:50
Severity ?
EPSS score ?
Summary
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.debian.org/security/2018/dsa-4358 | vendor-advisory, x_refsource_DEBIAN | |
| https://github.com/rgrove/sanitize/issues/176 | x_refsource_CONFIRM | |
| https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/ | x_refsource_CONFIRM | |
| https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ryan Grove | sanitize (ruby gem) |
Version: < 4.6.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:50:30.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-4358", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4358", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rgrove/sanitize/issues/176", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "sanitize (ruby gem)", vendor: "Ryan Grove", versions: [ { status: "affected", version: "< 4.6.3", }, ], }, ], datePublic: "2018-03-30T00:00:00", descriptions: [ { lang: "en", value: "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-28T10:57:01", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { name: "DSA-4358", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4358", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rgrove/sanitize/issues/176", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2018-3740", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "sanitize (ruby gem)", version: { version_data: [ { version_value: "< 4.6.3", }, ], }, }, ], }, vendor_name: "Ryan Grove", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)", }, ], }, ], }, references: { reference_data: [ { name: "DSA-4358", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4358", }, { name: "https://github.com/rgrove/sanitize/issues/176", refsource: "CONFIRM", url: "https://github.com/rgrove/sanitize/issues/176", }, { name: "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/", refsource: "CONFIRM", url: "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/", }, { name: "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e", refsource: "CONFIRM", url: "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2018-3740", datePublished: "2018-03-30T19:00:00", dateReserved: "2017-12-28T00:00:00", dateUpdated: "2024-08-05T04:50:30.616Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36823
Vulnerability from cvelistv5
Published
2023-07-06 15:06
Modified
2025-02-13 16:56
Severity ?
EPSS score ?
Summary
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7", }, { name: "https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220", }, { name: "https://github.com/rgrove/sanitize/releases/tag/v6.0.2", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rgrove/sanitize/releases/tag/v6.0.2", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00008.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "sanitize", vendor: "rgrove", versions: [ { status: "affected", version: ">= 3.0.0, < 6.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in \"relaxed\" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\\/` in `style` element content.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T16:06:27.928Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7", }, { name: "https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220", tags: [ "x_refsource_MISC", ], url: "https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220", }, { name: "https://github.com/rgrove/sanitize/releases/tag/v6.0.2", tags: [ "x_refsource_MISC", ], url: "https://github.com/rgrove/sanitize/releases/tag/v6.0.2", }, { url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00008.html", }, ], source: { advisory: "GHSA-f5ww-cq3m-q3g7", discovery: "UNKNOWN", }, title: "Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-36823", datePublished: "2023-07-06T15:06:00.509Z", dateReserved: "2023-06-27T15:43:18.386Z", dateUpdated: "2025-02-13T16:56:27.159Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-06-16 22:15
Modified
2024-11-21 05:32
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sanitize_project | sanitize | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*", matchCriteriaId: "74D82176-DC06-4206-8B6A-EFD1D3D54694", versionEndExcluding: "5.2.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's \"relaxed\" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.", }, { lang: "es", value: "En Sanitize (RubyGem sanitize) versiones mayor o igual a 3.0.0 y menor a 5.2.1, se presenta una vulnerabilidad de tipo cross-site scripting. Cuando se sanea HTML usando la configuración \"relaxed\" de Sanitize, o una configuración personalizada que permite determinados elementos, algún contenido en un elemento math o svg puede no ser saneado correctamente incluso si math y svg no están en la lista de permitidos. Es probable que sea vulnerable a este problema si usa la configuración relaxed de Sanitize o una configuración personalizada que permite uno o más de los siguientes elementos HTML: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Usando entradas cuidadosamente diseñada, un atacante puede infiltrar HTML arbitrario por medio de Sanitize, resultando potencialmente en un ataque de tipo XSS (cross-site scripting) u otro comportamiento no deseado cuando ese HTML es renderizado en un navegador. Esto se ha corregido en la versión 5.2.1", }, ], id: "CVE-2020-4054", lastModified: "2024-11-21T05:32:14.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-16T22:15:10.693", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m", }, { source: "security-advisories@github.com", url: "https://usn.ubuntu.com/4543-1/", }, { source: "security-advisories@github.com", url: "https://www.debian.org/security/2020/dsa-4730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4543-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2020/dsa-4730", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-30 19:29
Modified
2024-11-21 04:05
Severity ?
Summary
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sanitize_project | sanitize | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*", matchCriteriaId: "1F93BF3E-5C64-4376-9EE6-5638B5BCE8B8", versionEndIncluding: "4.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.", }, { lang: "es", value: "Un fragmento HTML especialmente manipulado puede provocar que una gema Sanitize para Ruby permita que se utilicen atributos que no están en una lista blanca en un elemento HTML que sí está en una lista blanca.", }, ], id: "CVE-2018-3740", lastModified: "2024-11-21T04:05:59.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-30T19:29:00.270", references: [ { source: "support@hackerone.com", url: "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e", }, { source: "support@hackerone.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/issues/176", }, { source: "support@hackerone.com", url: "https://www.debian.org/security/2018/dsa-4358", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/issues/176", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2018/dsa-4358", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-06 16:15
Modified
2024-11-21 08:10
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sanitize_project | sanitize | * | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*", matchCriteriaId: "16E468AF-E975-414D-A498-B76B34514EA3", versionEndExcluding: "6.0.2", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in \"relaxed\" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\\/` in `style` element content.", }, ], id: "CVE-2023-36823", lastModified: "2024-11-21T08:10:40.520", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-06T16:15:10.147", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220", }, { source: "security-advisories@github.com", tags: [ "Release Notes", ], url: "https://github.com/rgrove/sanitize/releases/tag/v6.0.2", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/rgrove/sanitize/releases/tag/v6.0.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00008.html", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-28 00:15
Modified
2024-11-21 07:46
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include `noscript` in the element allowlist.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7 | Mitigation, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7 | Mitigation, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sanitize_project | sanitize | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*", matchCriteriaId: "26E22D53-17FD-43AE-9997-3D67C7A8E4A0", versionEndExcluding: "6.0.1", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include `noscript` in the element allowlist.", }, { lang: "es", value: "Sanitize es un desinfectante de HTML y CSS basado en listas de permitidos. Las versiones 5.0.0 y posteriores, anteriores a la 6.0.1, son vulnerables a cross-site scripting. Cuando Sanitize se configura con una lista de permitidos personalizada que permite elementos \"noscript\", los atacantes pueden incluir HTML arbitrario, lo que genera XSS (scripting entre sitios) u otro comportamiento no deseado cuando ese HTML se representa en un navegador. Las configuraciones predeterminadas no permiten elementos \"noscript\" y no son vulnerables. Este problema solo afecta a los usuarios que utilizan una configuración personalizada que agrega \"noscript\" a la lista de elementos permitidos. Este problema se solucionó en la versión 6.0.1. Los usuarios que no pueden actualizar pueden evitar este problema usando una de las configuraciones predeterminadas de Sanitize o asegurándose de que su configuración personalizada no incluya \"noscript\" en la lista de elementos permitidos.", }, ], id: "CVE-2023-23627", lastModified: "2024-11-21T07:46:33.960", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-28T00:15:09.577", references: [ { source: "security-advisories@github.com", tags: [ "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Release Notes", "Third Party Advisory", ], url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }