vulnerability

CentOS Linux: CVE-2022-23519: Important: Satellite 6.13 Release (CESA-2023:2097)

Try Surface Command
Back to search
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Dec 14, 2022
Added
May 4, 2023
Modified
Jan 28, 2025

Description

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.

Solution(s)

centos-upgrade-foreman-clicentos-upgrade-python39-pulp_manifestcentos-upgrade-rubygem-amazing_printcentos-upgrade-rubygem-apipie-bindingscentos-upgrade-rubygem-clampcentos-upgrade-rubygem-domain_namecentos-upgrade-rubygem-fast_gettextcentos-upgrade-rubygem-fficentos-upgrade-rubygem-ffi-debuginfocentos-upgrade-rubygem-ffi-debugsourcecentos-upgrade-rubygem-foreman_maintaincentos-upgrade-rubygem-gssapicentos-upgrade-rubygem-hammer_clicentos-upgrade-rubygem-hammer_cli_foremancentos-upgrade-rubygem-hammer_cli_foreman_admincentos-upgrade-rubygem-hammer_cli_foreman_ansiblecentos-upgrade-rubygem-hammer_cli_foreman_azure_rmcentos-upgrade-rubygem-hammer_cli_foreman_bootdiskcentos-upgrade-rubygem-hammer_cli_foreman_discoverycentos-upgrade-rubygem-hammer_cli_foreman_googlecentos-upgrade-rubygem-hammer_cli_foreman_openscapcentos-upgrade-rubygem-hammer_cli_foreman_remote_executioncentos-upgrade-rubygem-hammer_cli_foreman_taskscentos-upgrade-rubygem-hammer_cli_foreman_templatescentos-upgrade-rubygem-hammer_cli_foreman_virt_who_configurecentos-upgrade-rubygem-hammer_cli_foreman_webhookscentos-upgrade-rubygem-hammer_cli_katellocentos-upgrade-rubygem-hashiecentos-upgrade-rubygem-highlinecentos-upgrade-rubygem-http-acceptcentos-upgrade-rubygem-http-cookiecentos-upgrade-rubygem-jwtcentos-upgrade-rubygem-little-pluggercentos-upgrade-rubygem-localecentos-upgrade-rubygem-loggingcentos-upgrade-rubygem-mime-typescentos-upgrade-rubygem-mime-types-datacentos-upgrade-rubygem-multi_jsoncentos-upgrade-rubygem-netrccentos-upgrade-rubygem-oauthcentos-upgrade-rubygem-oauth-ttycentos-upgrade-rubygem-powerbarcentos-upgrade-rubygem-rest-clientcentos-upgrade-rubygem-snaky_hashcentos-upgrade-rubygem-unfcentos-upgrade-rubygem-unf_extcentos-upgrade-rubygem-unf_ext-debuginfocentos-upgrade-rubygem-unf_ext-debugsourcecentos-upgrade-rubygem-unicodecentos-upgrade-rubygem-unicode-debuginfocentos-upgrade-rubygem-unicode-debugsourcecentos-upgrade-rubygem-unicode-display_widthcentos-upgrade-rubygem-version_gemcentos-upgrade-satellite-clicentos-upgrade-satellite-clonecentos-upgrade-satellite-maintain

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today