cve-2020-4054
Vulnerability from cvelistv5
Published
2020-06-16 22:10
Modified
2024-08-04 07:52
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
0.48% (0.62619)
Summary
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.
References
security-advisories@github.comhttps://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/rgrove/sanitize/releases/tag/v5.2.1Release Notes, Third Party Advisory
security-advisories@github.comhttps://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8mThird Party Advisory
security-advisories@github.comhttps://usn.ubuntu.com/4543-1/
security-advisories@github.comhttps://www.debian.org/security/2020/dsa-4730
af854a3a-2127-422b-91ae-364da2661108https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/rgrove/sanitize/releases/tag/v5.2.1Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8mThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4543-1/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4730
Impacted products
Vendor Product Version
rgrove Sanitize Version: >= 3.0.0, < 5.2.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:52:20.925Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1",
               },
               {
                  name: "DSA-4730",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4730",
               },
               {
                  name: "USN-4543-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4543-1/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Sanitize",
               vendor: "rgrove",
               versions: [
                  {
                     status: "affected",
                     version: ">= 3.0.0, < 5.2.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's \"relaxed\" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-28T19:06:13",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1",
            },
            {
               name: "DSA-4730",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4730",
            },
            {
               name: "USN-4543-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4543-1/",
            },
         ],
         source: {
            advisory: "GHSA-p4x4-rw2p-8j8m",
            discovery: "UNKNOWN",
         },
         title: "Cross-site Scripting in Sanitize",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security-advisories@github.com",
               ID: "CVE-2020-4054",
               STATE: "PUBLIC",
               TITLE: "Cross-site Scripting in Sanitize",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Sanitize",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: ">= 3.0.0, < 5.2.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "rgrove",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's \"relaxed\" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.3,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m",
                     refsource: "CONFIRM",
                     url: "https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m",
                  },
                  {
                     name: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9",
                     refsource: "MISC",
                     url: "https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9",
                  },
                  {
                     name: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1",
                     refsource: "MISC",
                     url: "https://github.com/rgrove/sanitize/releases/tag/v5.2.1",
                  },
                  {
                     name: "DSA-4730",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4730",
                  },
                  {
                     name: "USN-4543-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4543-1/",
                  },
               ],
            },
            source: {
               advisory: "GHSA-p4x4-rw2p-8j8m",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2020-4054",
      datePublished: "2020-06-16T22:10:13",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-08-04T07:52:20.925Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2020-4054\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-06-16T22:15:10.693\",\"lastModified\":\"2024-11-21T05:32:14.050\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's \\\"relaxed\\\" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.\"},{\"lang\":\"es\",\"value\":\"En Sanitize (RubyGem sanitize) versiones mayor o igual a 3.0.0 y menor a 5.2.1, se presenta una vulnerabilidad de tipo cross-site scripting. Cuando se sanea HTML usando la configuración \\\"relaxed\\\" de Sanitize, o una configuración personalizada que permite determinados elementos, algún contenido en un elemento math o svg puede no ser saneado correctamente incluso si math y svg no están en la lista de permitidos. Es probable que sea vulnerable a este problema si usa la configuración relaxed de Sanitize o una configuración personalizada que permite uno o más de los siguientes elementos HTML: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Usando entradas cuidadosamente diseñada, un atacante puede infiltrar HTML arbitrario por medio de Sanitize, resultando potencialmente en un ataque de tipo XSS (cross-site scripting) u otro comportamiento no deseado cuando ese HTML es renderizado en un navegador. Esto se ha corregido en la versión 5.2.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sanitize_project:sanitize:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"5.2.1\",\"matchCriteriaId\":\"74D82176-DC06-4206-8B6A-EFD1D3D54694\"}]}]}],\"references\":[{\"url\":\"https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rgrove/sanitize/releases/tag/v5.2.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4543-1/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4730\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rgrove/sanitize/releases/tag/v5.2.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4543-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4730\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.