Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23517

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.

Published

2022-12-14T17:15:10.130

Last Modified

2024-11-21T06:48:43.810

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-1333
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application rubyonrails rails_html_sanitizers < 1.4.4 Yes
Operating System debian debian_linux 10.0 Yes
References