# Vulnerable Library - sanitize-4.6.2.gem
Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable HTML and/or CSS from a string.
Library home page: https://rubygems.org/gems/sanitize-4.6.2.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
## Vulnerabilities
\* For some transitive vulnerabilities, there is no version of the direct dependency that carries a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.
\*\* In some cases, a Remediation PR cannot be created automatically for a vulnerability even though a remediation is available.
## Details
CVE-2019-5477
### Vulnerable Library - nokogiri-1.8.5.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.8.5.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem
Dependency Hierarchy:
- sanitize-4.6.2.gem (Root Library)
  - :x: **nokogiri-1.8.5.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
Publish Date: 2019-08-16
URL: CVE-2019-5477
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 2.4%

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version
Release Date: 2019-08-16
Fix Resolution: nokogiri-v1.10.4, rexical-v1.0.7
WS-2022-0089
### Vulnerable Library - nokogiri-1.8.5.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.8.5.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem
Dependency Hierarchy:
- sanitize-4.6.2.gem (Root Library)
  - :x: **nokogiri-1.8.5.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

Nokogiri before version 1.13.2 is vulnerable.
Publish Date: 2024-11-03
URL: WS-2022-0089
### Threat Assessment

Exploit Maturity: Not Defined
EPSS:

### CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
Release Date: 2024-11-03
Fix Resolution: nokogiri - v1.13.2
CVE-2022-29181
### Vulnerable Library - nokogiri-1.8.5.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.8.5.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem
Dependency Hierarchy:
- sanitize-4.6.2.gem (Root Library)
  - :x: **nokogiri-1.8.5.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
Publish Date: 2022-05-20
URL: CVE-2022-29181
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.4%

### CVSS 3 Score Details (8.2)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
Release Date: 2022-05-20
Fix Resolution: nokogiri - 1.13.6
CVE-2024-34459
### Vulnerable Library - nokogiri-1.8.5.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.8.5.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem
Dependency Hierarchy:
- sanitize-4.6.2.gem (Root Library)
  - :x: **nokogiri-1.8.5.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

Mend Note: This vulnerability does not affect the Nokogiri RubyGem directly, but its dependency libxml2, which is downloaded during Nokogiri's dependency resolution.
Publish Date: 2024-05-13
URL: CVE-2024-34459
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.0%

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/advisories/GHSA-r95h-9x8f-r3f7
Release Date: 2024-05-14
Fix Resolution: libxml2-v2.11.8,v2.12.7, nokogiri - 1.16.5
CVE-2022-24836
### Vulnerable Library - nokogiri-1.8.5.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.8.5.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem
Dependency Hierarchy:
- sanitize-4.6.2.gem (Root Library)
  - :x: **nokogiri-1.8.5.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
Publish Date: 2022-04-11
URL: CVE-2022-24836
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.9%

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
Release Date: 2024-08-01
Fix Resolution: nokogiri - 1.13.4
CVE-2021-41098
### Vulnerable Library - nokogiri-1.8.5.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.8.5.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem
Dependency Hierarchy:
- sanitize-4.6.2.gem (Root Library)
  - :x: **nokogiri-1.8.5.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parser, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.
Publish Date: 2021-09-27
URL: CVE-2021-41098
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.1%

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41098
Release Date: 2021-09-27
Fix Resolution: nokogiri - 1.12.5
CVE-2020-7595
### Vulnerable Library - nokogiri-1.8.5.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.8.5.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem
Dependency Hierarchy:
- sanitize-4.6.2.gem (Root Library)
  - :x: **nokogiri-1.8.5.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
Publish Date: 2020-01-21
URL: CVE-2020-7595
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.6%

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-7595
Release Date: 2020-01-21
Fix Resolution: nokogiri - 1.10.8
CVE-2018-3740
### Vulnerable Library - sanitize-4.6.2.gem

Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable HTML and/or CSS from a string.
Library home page: https://rubygems.org/gems/sanitize-4.6.2.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem
Dependency Hierarchy:
- :x: **sanitize-4.6.2.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
Publish Date: 2018-03-30
URL: CVE-2018-3740
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.1%

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3740
Release Date: 2018-03-30
Fix Resolution: v4.6.3
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.

CVE-2020-4054
### Vulnerable Library - sanitize-4.6.2.gem

Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable HTML and/or CSS from a string.
Library home page: https://rubygems.org/gems/sanitize-4.6.2.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem
Dependency Hierarchy:
- :x: **sanitize-4.6.2.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.
Publish Date: 2020-06-16
URL: CVE-2020-4054
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.1%

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low

### Suggested Fix

Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4054
Release Date: 2020-06-16
Fix Resolution: Sanitize:5.2.1
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.

CVE-2023-36823
### Vulnerable Library - sanitize-4.6.2.gem

Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable HTML and/or CSS from a string.
Library home page: https://rubygems.org/gems/sanitize-4.6.2.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem
Dependency Hierarchy:
- :x: **sanitize-4.6.2.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.
Publish Date: 2023-07-06
URL: CVE-2023-36823
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.1%

### CVSS 3 Score Details (7.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low

### Suggested Fix

Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-36823
Release Date: 2023-07-06
Fix Resolution: sanitize - 6.0.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.

CVE-2023-23627
### Vulnerable Library - sanitize-4.6.2.gem

Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable HTML and/or CSS from a string.
Library home page: https://rubygems.org/gems/sanitize-4.6.2.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/sanitize-4.6.2.gem
Dependency Hierarchy:
- :x: **sanitize-4.6.2.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include `noscript` in the element allowlist.
Publish Date: 2023-01-27
URL: CVE-2023-23627
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.1%

### CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7
Release Date: 2023-01-28
Fix Resolution: sanitize - 6.0.1
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.

CVE-2020-26247
### Vulnerable Library - nokogiri-1.8.5.gem

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.8.5.gem
Path to dependency file: /test/acceptance/workspaces/ruby-app-policy/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem,/home/wss-scanner/.gem/ruby/3.2.0/cache/nokogiri-1.8.5.gem
Dependency Hierarchy:
- sanitize-4.6.2.gem (Root Library)
  - :x: **nokogiri-1.8.5.gem** (Vulnerable Library)
Found in HEAD commit: 7e83e87477e0886cad26f767efdb9ffd90d9fbfe
Found in base branch: main
### Vulnerability Details

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.
Publish Date: 2020-12-30
URL: CVE-2020-26247
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.2%

### CVSS 3 Score Details (2.6)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Release Date: 2020-12-30
Fix Resolution: 1.11.0.rc4
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.