UBUNTU-CVE-2024-53989

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-53989

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-53989.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-53989

Related

CVE-2024-53989

Published

2024-12-02T21:15:00Z

Modified

2025-01-13T10:26:50Z

Summary

[none]

Details

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the "noscript" element. This vulnerability is fixed in 1.6.1.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ruby-rails-html-sanitizer

Package

Name: ruby-rails-html-sanitizer
Purl: pkg:deb/ubuntu/ruby-rails-html-sanitizer@1.0.3-2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.2-1

1.0.3-1

1.0.3-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ruby-rails-html-sanitizer

Package

Name: ruby-rails-html-sanitizer
Purl: pkg:deb/ubuntu/ruby-rails-html-sanitizer@1.0.4-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.3-2

1.0.4-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ruby-rails-html-sanitizer

Package

Name: ruby-rails-html-sanitizer
Purl: pkg:deb/ubuntu/ruby-rails-html-sanitizer@1.3.0-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.4-1

1.3.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ruby-rails-html-sanitizer

Package

Name: ruby-rails-html-sanitizer
Purl: pkg:deb/ubuntu/ruby-rails-html-sanitizer@1.4.2-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0-2

1.4.2-1

1.4.2-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ruby-rails-html-sanitizer

Package

Name: ruby-rails-html-sanitizer
Purl: pkg:deb/ubuntu/ruby-rails-html-sanitizer@1.4.4-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.4-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ruby-rails-html-sanitizer

Package

Name: ruby-rails-html-sanitizer
Purl: pkg:deb/ubuntu/ruby-rails-html-sanitizer@1.4.4-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.4-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}