Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/170821?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/170821?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.1.0", "type": "gem", "namespace": "", "name": "rails-html-sanitizer", "version": "1.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.1", "latest_non_vulnerable_version": "1.6.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51454?format=api", "vulnerability_id": "VCID-1gf5-x3qu-pfbg", "summary": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer\n## Summary\n\nThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.\n\n- Versions affected: ALL\n- Not affected: NONE\n- Fixed versions: 1.4.4\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways:\n\n- allow both \"math\" and \"style\" elements,\n- or allow both \"svg\" and \"style\" elements\n\nCode is only impacted if allowed tags are being overridden. Applications may be doing this in four different ways:\n\n1. using application configuration:\n\n ```ruby\n # In config/application.rb\n config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n # or\n config.action_view.sanitized_allowed_tags = [\"svg\", \"style\"]\n ```\n\n see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n ```\n <%= sanitize @comment.body, tags: [\"math\", \"style\"] %>\n <%# or %>\n <%= sanitize @comment.body, tags: [\"svg\", \"style\"] %>\n ```\n\n see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. using Rails::Html::SafeListSanitizer class method `allowed_tags=`:\n\n ```ruby\n # class-level option\n Rails::Html::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n # or\n Rails::Html::SafeListSanitizer.allowed_tags = [\"svg\", \"style\"]\n ```\n\n4. using a `:tags` options to the Rails::Html::SafeListSanitizer instance method `sanitize`:\n\n ```ruby\n # instance-level option\n Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n # or\n Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"svg\", \"style\"])\n ```\n\nAll users overriding the allowed tags by any of the above mechanisms to include ((\"math\" or \"svg\") and \"style\") should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\n\nRemove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23519.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23519.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.3814", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38176", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38205", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38232", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38229", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39564", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23519" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23519.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23519.yml" }, { "reference_url": "https://hackerone.com/reports/1656627", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1656627" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23519", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23519" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027153", "reference_id": "1027153", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153744", "reference_id": "2153744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153744" }, { "reference_url": "https://github.com/advisories/GHSA-9h9g-93gc-623h", "reference_id": "GHSA-9h9g-93gc-623h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9h9g-93gc-623h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146483?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m2s-1fe5-g3fq" }, { "vulnerability": "VCID-6s4c-sa6q-z3h7" }, { "vulnerability": "VCID-bfzs-7w2z-ykcm" }, { "vulnerability": "VCID-e7g3-ycac-zba2" }, { "vulnerability": "VCID-ngtb-zrhe-eqd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.4.4" } ], "aliases": [ "CVE-2022-23519", "GHSA-9h9g-93gc-623h", "GMS-2022-8299" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gf5-x3qu-pfbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51459?format=api", "vulnerability_id": "VCID-5m2s-1fe5-g3fq", "summary": "rails-html-sanitizer has XSS vulnerability with certain configurations\n## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content\nif HTML5 sanitization is enabled and the application developer\nhas overridden the sanitizer's allowed tags in the following way:\n\n- the \"math\", \"mtext\", \"table\", and \"style\" elements are allowed\n- and either \"mglyph\" or \"malignmark\" are allowed\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nThe default configuration is to disallow all of these elements\nexcept for \"table\". Code is only impacted if allowed tags are being\noverridden. Applications may be doing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers'\n allowed tags:\n\n ```ruby\n # In config/application.rb\n config.action_view.sanitized_allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"]\n # or\n config.action_view.sanitized_allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"]\n ```\n\n see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n ```\n <= sanitize @comment.body, tags: [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"] >\n <# or >\n <= sanitize @comment.body, tags: [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"] >\n ```\n\n see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n ```ruby\n # class-level option\n Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"]\n # or\n Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"]\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer\n instance method `sanitize`:\n\n ```ruby\n # instance-level option\n Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"])\n # or\n Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"])\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n ```ruby\n ActionText::ContentHelper.allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"]\n # or\n ActionText::ContentHelper.allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"]\n ```\n\nAll users overriding the allowed tags by any of the above mechanisms\nto include (\"math\" and \"mtext\" and \"table\" and \"style\" and (\"mglyph\"\nor \"malignmark\")) should either upgrade or use one of the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"mglyph\" and \"malignmark\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n for more information).\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2519936\n\n## Credit\n\nThis vulnerability was responsibly reported by So Sakaguchi (mokusou).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53988.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.85005", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.85001", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.85006", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.85", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.8499", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53988" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T14:34:13Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T14:34:13Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330067", "reference_id": "2330067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330067" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53988", "reference_id": "CVE-2024-53988", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53988" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53988.yml", "reference_id": "CVE-2024-53988.YML", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53988.yml" }, { "reference_url": "https://github.com/advisories/GHSA-cfjx-w229-hgx5", "reference_id": "GHSA-cfjx-w229-hgx5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfjx-w229-hgx5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83367?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.6.1" } ], "aliases": [ "CVE-2024-53988", "GHSA-cfjx-w229-hgx5" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m2s-1fe5-g3fq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51458?format=api", "vulnerability_id": "VCID-6s4c-sa6q-z3h7", "summary": "rails-html-sanitizer has XSS vulnerability with certain configurations\n## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content if\nHTML5 sanitization is enabled and the application developer has\noverridden the sanitizer's allowed tags in the following way:\n\n- the \"noscript\" element is explicitly allowed\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nThe default configuration is to disallow all of these elements. Code\nis only impacted if allowed tags are being overridden. Applications\nmay be doing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers'\n allowed tags:\n\n ```ruby\n # In config/application.rb\n config.action_view.sanitized_allowed_tags = [\"noscript\"]\n ```\n\n see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n ```\n <= sanitize @comment.body, tags: [\"noscript\"] >\n ```\n\n see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n ```ruby\n # class-level option\n Rails::HTML5::SafeListSanitizer.allowed_tags = [\"noscript\"]\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer instance method `sanitize`:\n\n ```ruby\n # instance-level option\n Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"noscript\"])\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n ```ruby\n ActionText::ContentHelper.allowed_tags = [\"noscript\"]\n ```\n\nAll users overriding the allowed tags by any of the above\nmechanisms to include \"noscript\" should either upgrade or use\none of the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"noscript\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for\n [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n for more information).\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2509647\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne user\n[@taise](https://hackerone.com/taise?type=user).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53989.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53989.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53989", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.85005", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.8499", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.85", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.85006", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0228", "scoring_system": "epss", "scoring_elements": "0.85001", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53989" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T14:35:22Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/commit/16251735e36ebdc302e2f90f2a39cad56879414f" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T14:35:22Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330055", "reference_id": "2330055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330055" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53989", "reference_id": "CVE-2024-53989", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53989" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53989.yml", "reference_id": "CVE-2024-53989.YML", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53989.yml" }, { "reference_url": "https://github.com/advisories/GHSA-rxv5-gxqc-xx8g", "reference_id": "GHSA-rxv5-gxqc-xx8g", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxv5-gxqc-xx8g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83367?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.6.1" } ], "aliases": [ "CVE-2024-53989", "GHSA-rxv5-gxqc-xx8g" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6s4c-sa6q-z3h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51455?format=api", "vulnerability_id": "VCID-bbh9-b5xw-rka6", "summary": "Inefficient Regular Expression Complexity in rails-html-sanitizer\n## Summary\n\nCertain configurations of rails-html-sanitizer `< 1.4.4` use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption.\n\n## Mitigation\n\nUpgrade to rails-html-sanitizer `>= 1.4.4`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53221", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53256", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53264", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53247", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53195", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54722", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-02T17:07:58Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-02T17:07:58Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23517.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23517.yml" }, { "reference_url": "https://hackerone.com/reports/1684163", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-02T17:07:58Z/" } ], "url": "https://hackerone.com/reports/1684163" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-02T17:07:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23517", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23517" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027153", "reference_id": "1027153", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153720", "reference_id": "2153720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153720" }, { "reference_url": "https://github.com/advisories/GHSA-5x79-w82f-gw8w", "reference_id": "GHSA-5x79-w82f-gw8w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5x79-w82f-gw8w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146483?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m2s-1fe5-g3fq" }, { "vulnerability": "VCID-6s4c-sa6q-z3h7" }, { "vulnerability": "VCID-bfzs-7w2z-ykcm" }, { "vulnerability": "VCID-e7g3-ycac-zba2" }, { "vulnerability": "VCID-ngtb-zrhe-eqd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.4.4" } ], "aliases": [ "CVE-2022-23517", "GHSA-5x79-w82f-gw8w", "GMS-2022-8298" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbh9-b5xw-rka6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51460?format=api", "vulnerability_id": "VCID-bfzs-7w2z-ykcm", "summary": "rails-html-sanitizer has XSS vulnerability with certain configurations\n## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content if\nHTML5 sanitization is enabled and the application developer has\noverridden the sanitizer's allowed tags in the following way:\n\n- the \"math\" and \"style\" elements are both explicitly allowed\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for\n[`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nThe default configuration is to disallow these elements. Code is only\nimpacted if allowed tags are being overridden. Applications may be\ndoing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers'\n allowed tags:\n\n ```ruby\n # In config/application.rb\n config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n ```\n\n see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n ```\n <= sanitize @comment.body, tags: [\"math\", \"style\"]>\n ```\n\n see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n ```ruby\n # class-level option\n Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer\n instance method `sanitize`:\n\n ```ruby\n # instance-level option\n Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n ```ruby\n ActionText::ContentHelper.allowed_tags = [\"math\", \"style\"]\n ```\n\nAll users overriding the allowed tags by any of the above mechanisms\nto include both \"math\" and \"style\" should either upgrade or use one\nof the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"math\" or \"style\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for\n [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n for more information).\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2519941\n\n## Credit\n\nThis vulnerability was responsibly reported by So Sakaguchi (mokusou).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53986.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53986.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53986", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86057", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86056", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86059", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86055", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86044", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53986" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T14:33:42Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T14:33:42Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330056", "reference_id": "2330056", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330056" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53986", "reference_id": "CVE-2024-53986", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53986" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53986.yml", "reference_id": "CVE-2024-53986.YML", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53986.yml" }, { "reference_url": "https://github.com/advisories/GHSA-638j-pmjw-jq48", "reference_id": "GHSA-638j-pmjw-jq48", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-638j-pmjw-jq48" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83367?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.6.1" } ], "aliases": [ "CVE-2024-53986", "GHSA-638j-pmjw-jq48" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bfzs-7w2z-ykcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51463?format=api", "vulnerability_id": "VCID-e7g3-ycac-zba2", "summary": "rails-html-sanitizer has XSS vulnerability with certain configurations\n## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and\nNokogiri < 1.15.7, or 1.16.x < 1.16.8.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\nPlease note that the fix in v1.6.1 is to update the dependency on\nNokogiri to 1.15.7 or >= 1.16.8.\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content if\nHTML5 sanitization is enabled and the application developer has\noverridden the sanitizer's allowed tags in either of the following ways:\n\n* allow both \"math\" and \"style\" elements\n* or allow both \"svg\" and \"style\" elements\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for\n[`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nCode is only impacted if allowed tags are being overridden.\nApplications may be doing this in a few different ways:\n\n1. using application configuration to configure Action View\n sanitizers' allowed tags:\n\n ```ruby\n # In config/application.rb\n config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n # or\n config.action_view.sanitized_allowed_tags = [\"svg\", \"style\"]\n ```\n\n see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n ```\n <= sanitize @comment.body, tags: [\"math\", \"style\"] >\n <# or>\n <= sanitize @comment.body, tags: [\"svg\", \"style\"] >\n ```\n\n see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n ```ruby\n # class-level option\n Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n # or\n Rails::HTML5::SafeListSanitizer.allowed_tags = [\"svg\", \"style\"]\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer\n instance method `sanitize`:\n\n ```ruby\n # instance-level option\n Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n # or\n Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"svg\", \"style\"])\n ```\n (note that this class may also be referenced as `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n ```ruby\n ActionText::ContentHelper.allowed_tags = [\"math\", \"style\"]\n # or\n ActionText::ContentHelper.allowed_tags = [\"svg\", \"style\"]\n ```\n\nAll users overriding the allowed tags by any of the above mechanisms\nto include ((\"math\" or \"svg\") and \"style\") should either upgrade or\nuse one of the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"style\" from the overridden allowed tags,\n- Or, remove \"math\" and \"svg\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for\n [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n for more information)\n- Or, independently upgrade Nokogiri to v1.15.7 or >= 1.16.8.\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2503220\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne user\n[@taise](https://hackerone.com/taise?type=user).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53985.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84734", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.8472", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84733", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84731", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84737", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53985" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:47:47Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/commit/b0220b8850d52199a15f83c472d175a4122dd7b1" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:47:47Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/commit/cd18b0ef00aad1d4a9e1c5d860cd23f80f63c505" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:47:47Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330061", "reference_id": "2330061", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330061" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53985", "reference_id": "CVE-2024-53985", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53985" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53985.yml", "reference_id": "CVE-2024-53985.YML", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53985.yml" }, { "reference_url": "https://github.com/advisories/GHSA-w8gc-x259-rc7x", "reference_id": "GHSA-w8gc-x259-rc7x", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w8gc-x259-rc7x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83367?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.6.1" } ], "aliases": [ "CVE-2024-53985", "GHSA-w8gc-x259-rc7x" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7g3-ycac-zba2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51461?format=api", "vulnerability_id": "VCID-ngtb-zrhe-eqd6", "summary": "rails-html-sanitizer has XSS vulnerability with certain configurations\n## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content if\nHTML5 sanitization is enabled and the application developer has\noverridden the sanitizer's allowed tags in the following way:\n\n- the \"style\" element is explicitly allowed\n- the \"svg\" or \"math\" element is not allowed\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nThe default configuration is to disallow all of these elements. Code\nis only impacted if allowed tags are being overridden. Applications\nmay be doing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers'\n allowed tags:\n\n ```ruby\n # In config/application.rb\n config.action_view.sanitized_allowed_tags = [\"style\"]\n ```\n\n see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n ```\n <= sanitize @comment.body, tags: [\"style\"] >\n ```\n\n see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n ```ruby\n # class-level option\n Rails::HTML5::SafeListSanitizer.allowed_tags = [\"style\"]\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer instance method `sanitize`:\n\n ```ruby\n # instance-level option\n Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"style\"])\n ```\n\n (note that this class may also be referenced as\n `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n ```ruby\n ActionText::ContentHelper.allowed_tags = [\"style\"]\n ```\n\nAll users overriding the allowed tags by any of the above mechanisms\nto include \"style\" and omit \"svg\" or \"math\" should either upgrade\nor use one of the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"style\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for\n [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n for more information).\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2519936\n\n## Credit\n\nThis vulnerability was responsibly reported by So Sakaguchi (mnokusou).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53987.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53987.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53987", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83876", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83864", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83874", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01968", "scoring_system": "epss", "scoring_elements": "0.83879", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53987" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T14:33:13Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/commit/f02ffbb8465e73920b6de0da940f5530f855965e" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T14:33:13Z/" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330053", "reference_id": "2330053", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330053" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53987", "reference_id": "CVE-2024-53987", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53987" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53987.yml", "reference_id": "CVE-2024-53987.YML", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2024-53987.yml" }, { "reference_url": "https://github.com/advisories/GHSA-2x5m-9ch4-qgrr", "reference_id": "GHSA-2x5m-9ch4-qgrr", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2x5m-9ch4-qgrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83367?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.6.1" } ], "aliases": [ "CVE-2024-53987", "GHSA-2x5m-9ch4-qgrr" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngtb-zrhe-eqd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51462?format=api", "vulnerability_id": "VCID-qbh1-3tjm-v3a3", "summary": "Possible XSS vulnerability with certain configurations of rails-html-sanitizer\n## Summary\n\nThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This is due to an incomplete fix of CVE-2022-32209.\n\n- Versions affected: ALL\n- Not affected: NONE\n- Fixed versions: 1.4.4\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements.\n\nCode is only impacted if allowed tags are being overridden using either of the following two mechanisms:\n\n1. Using the Rails configuration `config.action_view.sanitized_allow_tags=`:\n\n ```ruby\n # In config/application.rb\n config.action_view.sanitized_allowed_tags = [\"select\", \"style\"]\n ```\n\n (see https://guides.rubyonrails.org/configuring.html#configuring-action-view)\n\n2. Using the class method `Rails::Html::SafeListSanitizer.allowed_tags=`:\n\n ```ruby\n # class-level option\n Rails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]\n ```\n\nAll users overriding the allowed tags by either of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.\n\nNOTE: Code is _not_ impacted if allowed tags are overridden using either of the following mechanisms:\n\n- the `:tags` option to the Action View helper method `sanitize`.\n- the `:tags` option to the instance method `SafeListSanitizer#sanitize`.\n\n## Workarounds\n\nRemove either \"select\" or \"style\" from the overridden allowed tags.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23520.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23520.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58709", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58739", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58753", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58761", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00363", "scoring_system": "epss", "scoring_elements": "0.58756", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00383", "scoring_system": "epss", "scoring_elements": "0.59975", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23520" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23520.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23520.yml" }, { "reference_url": "https://hackerone.com/reports/1654310", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1654310" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23520", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23520" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027153", "reference_id": "1027153", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153751", "reference_id": "2153751", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153751" }, { "reference_url": "https://github.com/advisories/GHSA-rrfc-7g8p-99q8", "reference_id": "GHSA-rrfc-7g8p-99q8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrfc-7g8p-99q8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146483?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m2s-1fe5-g3fq" }, { "vulnerability": "VCID-6s4c-sa6q-z3h7" }, { "vulnerability": "VCID-bfzs-7w2z-ykcm" }, { "vulnerability": "VCID-e7g3-ycac-zba2" }, { "vulnerability": "VCID-ngtb-zrhe-eqd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.4.4" } ], "aliases": [ "CVE-2022-23520", "GHSA-rrfc-7g8p-99q8", "GMS-2022-8301" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbh1-3tjm-v3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51456?format=api", "vulnerability_id": "VCID-swky-b6dd-cfgx", "summary": "Improper neutralization of data URIs may allow XSS in rails-html-sanitizer\n## Summary\n\nrails-html-sanitizer `>= 1.0.3, < 1.4.4` is vulnerable to cross-site scripting via data URIs when used in combination with Loofah `>= 2.1.0`.\n\n## Mitigation\n\nUpgrade to rails-html-sanitizer `>= 1.4.4`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54648", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54688", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54709", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54716", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54706", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56203", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23518" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/issues/135", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer/issues/135" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23518.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-23518.yml" }, { "reference_url": "https://github.com/w3c/svgwg/issues/266", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/w3c/svgwg/issues/266" }, { "reference_url": "https://hackerone.com/reports/1694173", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1694173" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23518", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23518" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027153", "reference_id": "1027153", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027153" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153701", "reference_id": "2153701", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153701" }, { "reference_url": "https://github.com/advisories/GHSA-mcvf-2q2m-x72m", "reference_id": "GHSA-mcvf-2q2m-x72m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mcvf-2q2m-x72m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/146483?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5m2s-1fe5-g3fq" }, { "vulnerability": "VCID-6s4c-sa6q-z3h7" }, { "vulnerability": "VCID-bfzs-7w2z-ykcm" }, { "vulnerability": "VCID-e7g3-ycac-zba2" }, { "vulnerability": "VCID-ngtb-zrhe-eqd6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.4.4" } ], "aliases": [ "CVE-2022-23518", "GHSA-mcvf-2q2m-x72m", "GMS-2022-8300" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swky-b6dd-cfgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51457?format=api", "vulnerability_id": "VCID-tza8-tnw4-2ya6", "summary": "Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer\nThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.\nThis vulnerability has been assigned the CVE identifier CVE-2022-32209.\n\nVersions Affected: ALL\nNot affected: NONE\nFixed Versions: v1.4.3\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer\nmay allow an attacker to inject content if the application developer has overridden\nthe sanitizer's allowed tags to allow both `select` and `style` elements.\n\nCode is only impacted if allowed tags are being overridden. This may be done via\napplication configuration:\n\n```ruby\n# In config/application.rb\nconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]\n```\n\nsee https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\nOr it may be done with a `:tags` option to the Action View helper `sanitize`:\n\n```\n<%= sanitize @comment.body, tags: [\"select\", \"style\"] %>\n```\n\nsee https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\nOr it may be done with Rails::Html::SafeListSanitizer directly:\n\n```ruby\n# class-level option\nRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]\n```\n\nor\n\n```ruby\n# instance-level option\nRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])\n```\n\nAll users overriding the allowed tags by any of the above mechanisms to include\nboth \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\n\nRemove either `select` or `style` from the overridden allowed tags.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32209.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05478", "scoring_system": "epss", "scoring_elements": "0.90368", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05478", "scoring_system": "epss", "scoring_elements": "0.90396", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.05478", "scoring_system": "epss", "scoring_elements": "0.9038", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05478", "scoring_system": "epss", "scoring_elements": "0.90379", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05478", "scoring_system": "epss", "scoring_elements": "0.90382", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05478", "scoring_system": "epss", "scoring_elements": "0.90383", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32209" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer" }, { "reference_url": "https://github.com/rails/rails-html-sanitizer/commit/45a5c10fed3d9aa141594c80afa06d748fa0967d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails-html-sanitizer/commit/45a5c10fed3d9aa141594c80afa06d748fa0967d" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-32209.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails-html-sanitizer/CVE-2022-32209.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s" }, { "reference_url": "https://hackerone.com/reports/1530898", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1530898" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32209", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32209" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013806", "reference_id": "1013806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013806" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101882", "reference_id": "2101882", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101882" }, { "reference_url": "https://github.com/advisories/GHSA-pg8v-g4xq-hww9", "reference_id": "GHSA-pg8v-g4xq-hww9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pg8v-g4xq-hww9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8506", "reference_id": "RHSA-2022:8506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8506" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149374?format=api", "purl": "pkg:gem/rails-html-sanitizer@1.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gf5-x3qu-pfbg" }, { "vulnerability": "VCID-5m2s-1fe5-g3fq" }, { "vulnerability": "VCID-6s4c-sa6q-z3h7" }, { "vulnerability": "VCID-bbh9-b5xw-rka6" }, { "vulnerability": "VCID-bfzs-7w2z-ykcm" }, { "vulnerability": "VCID-e7g3-ycac-zba2" }, { "vulnerability": "VCID-ngtb-zrhe-eqd6" }, { "vulnerability": "VCID-qbh1-3tjm-v3a3" }, { "vulnerability": "VCID-swky-b6dd-cfgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.4.3" } ], "aliases": [ "CVE-2022-32209", "GHSA-pg8v-g4xq-hww9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tza8-tnw4-2ya6" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails-html-sanitizer@1.1.0" }