GHSA-43cp-6p3q-2pc4

Source

https://github.com/advisories/GHSA-43cp-6p3q-2pc4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-43cp-6p3q-2pc4/GHSA-43cp-6p3q-2pc4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-43cp-6p3q-2pc4

Aliases

CVE-2023-44390

Published

2023-10-04T18:52:35Z

Modified

2024-02-16T08:21:43.398559Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content

Details

Impact

The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. Specifically, the requirements for the vulnerability are:

Allowing one foreign element: svg, or math
Comments or one raw text element: iframe, noembed, xmp, title, noframes, style or noscript

Configurations that meet the above requirements plus the following are vulnerable to an additional vulnerability:

Any HTML integration element: title, desc, mi, mo, mn, ms, mtext, annotation-xml.

In case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code.

Note that in the default configuration the vulnerability is not present.

Patches

The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).

Workarounds

Disallow foreign elements svg and math. This is the case in the default configuration, which is therefore not affected by the vulnerability.

References

Affected packages

NuGet / HtmlSanitizer

Package

Name: HtmlSanitizer; View open source insights on deps.dev
Purl: pkg:nuget/HtmlSanitizer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.723

Affected versions

1.*

1.0.4925.29815

1.0.4927.30873

1.1.5243.28448

1.1.5297.28403

1.1.5338.17998

2.*

2.0.5449.20550

2.0.5548.24932

2.0.5595.22183

2.0.5595.30325

2.0.5623.30465

2.0.5735.24296

3.*

3.0.66-beta

3.0.5781.31354-beta

3.1.67-beta

3.1.75-beta

3.1.76

3.1.79

3.1.91

3.1.93

3.1.98

3.2.96-beta

3.2.100-beta

3.2.103

3.2.105

3.3.122-beta

3.3.125-beta

3.3.126-beta

3.3.127-beta

3.3.128-beta

3.3.129-beta

3.3.130-beta

3.3.131-beta

3.3.132-beta

3.3.142

3.3.143-beta

3.3.144-beta

3.3.145-beta

3.3.146-beta

3.3.147-beta

3.3.148-beta

3.4.152-beta

3.4.156

3.5.168-beta

3.5.169-beta

4.*

4.0.179

4.0.180

4.0.181

4.0.182

4.0.183

4.0.185

4.0.187

4.0.197

4.0.199

4.0.201

4.0.204

4.0.205

4.0.207

4.0.210

4.0.217

5.*

5.0.215-beta

5.0.218-beta

5.0.250-beta

5.0.266-beta

5.0.274-beta

5.0.298

5.0.304

5.0.310

5.0.319

5.0.331

5.0.342

5.0.343

5.0.353

5.0.355

5.0.372

5.0.376

5.0.404

6.*

6.0.409-beta

6.0.423-beta

6.0.430-beta

6.0.437

6.0.441

6.0.453

7.*

7.0.470-beta

7.0.473

7.1.475

7.1.488

7.1.509

7.1.512

7.1.542

8.*

8.0.601

8.0.645

8.0.690-beta

8.0.691-beta

8.0.692

8.0.718

NuGet / HtmlSanitizer

Package

Name: HtmlSanitizer; View open source insights on deps.dev
Purl: pkg:nuget/HtmlSanitizer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.1.0-beta

Fixed

8.1.722-beta

Affected versions

8.*

8.1.717-beta

8.1.719-beta