bundle-audit-results/bundle-audit.json


			
				
				
					
						
						
						
							
							
							{"version":"0.9.2","created_at":"2024-12-04 07:33:32 +0100","results":[{"type":"unpatched_gem","gem":{"name":"rails-html-sanitizer","version":"1.6.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2024-53985.yml","id":"CVE-2024-53985","url":"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-w8gc-x259-rc7x","title":"rails-html-sanitizer has XSS vulnerability with certain configurations","date":"2024-12-02","description":"## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and\nNokogiri < 1.15.7, or 1.16.x < 1.16.8.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\nPlease note that the fix in v1.6.1 is to update the dependency on\nNokogiri to 1.15.7 or >= 1.16.8.\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content if\nHTML5 sanitization is enabled and the application developer has\noverridden the sanitizer's allowed tags in either of the following ways:\n\n* allow both \"math\" and \"style\" elements\n* or allow both \"svg\" and \"style\" elements\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for\n[`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nCode is only impacted if allowed tags are being overridden.\nApplications may be doing this in a few different ways:\n\n1. using application configuration to configure Action View\n   sanitizers' allowed tags:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n  # or\n  config.action_view.sanitized_allowed_tags = [\"svg\", \"style\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  <= sanitize @comment.body, tags: [\"math\", \"style\"] >\n  <# or>\n  <= sanitize @comment.body, tags: [\"svg\", \"style\"] >\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n  ```ruby\n  # class-level option\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n  # or\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"svg\", \"style\"]\n  ```\n\n  (note that this class may also be referenced as\n  `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer\n   instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n  # or\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"svg\", \"style\"])\n  ```\n  (note that this class may also be referenced as `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n  ```ruby\n  ActionText::ContentHelper.allowed_tags = [\"math\", \"style\"]\n  # or\n  ActionText::ContentHelper.allowed_tags = [\"svg\", \"style\"]\n  ```\n\nAll users overriding the allowed tags by any of the above mechanisms\nto include ((\"math\" or \"svg\") and \"style\") should either upgrade or\nuse one of the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"style\" from the overridden allowed tags,\n- Or, remove \"math\" and \"svg\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for\n  [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n  and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n  for more information)\n- Or, independently upgrade Nokogiri to v1.15.7 or >= 1.16.8.\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2503220\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne user\n[@taise](https://hackerone.com/taise?type=user).\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-53985","osvdb":null,"ghsa":"w8gc-x259-rc7x","unaffected_versions":["< 1.6.0"],"patched_versions":[">= 1.6.1"],"criticality":null}},{"type":"unpatched_gem","gem":{"name":"rails-html-sanitizer","version":"1.6.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2024-53986.yml","id":"CVE-2024-53986","url":"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-638j-pmjw-jq48","title":"rails-html-sanitizer has XSS vulnerability with certain configurations","date":"2024-12-02","description":"## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content if\nHTML5 sanitization is enabled and the application developer has\noverridden the sanitizer's allowed tags in the following way:\n\n- the \"math\" and \"style\" elements are both explicitly allowed\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for\n[`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nThe default configuration is to disallow these elements. Code is only\nimpacted if allowed tags are being overridden. Applications may be\ndoing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers'\n   allowed tags:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"math\", \"style\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  <= sanitize @comment.body, tags: [\"math\", \"style\"]>\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n  ```ruby\n  # class-level option\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"style\"]\n  ```\n\n  (note that this class may also be referenced as\n  `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer\n   instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"style\"])\n  ```\n\n  (note that this class may also be referenced as\n   `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n  ```ruby\n  ActionText::ContentHelper.allowed_tags = [\"math\", \"style\"]\n  ```\n\nAll users overriding the allowed tags by any of the above mechanisms\nto include both \"math\" and \"style\" should either upgrade or use one\nof the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"math\" or \"style\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for\n  [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n  and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n  for more information).\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2519941\n\n## Credit\n\nThis vulnerability was responsibly reported by So Sakaguchi (mokusou).\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-53986","osvdb":null,"ghsa":"638j-pmjw-jq48","unaffected_versions":["< 1.6.0"],"patched_versions":[">= 1.6.1"],"criticality":null}},{"type":"unpatched_gem","gem":{"name":"rails-html-sanitizer","version":"1.6.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2024-53987.yml","id":"CVE-2024-53987","url":"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-2x5m-9ch4-qgrr","title":"rails-html-sanitizer has XSS vulnerability with certain configurations","date":"2024-12-02","description":"## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content if\nHTML5 sanitization is enabled and the application developer has\noverridden the sanitizer's allowed tags in the following way:\n\n- the \"style\" element is explicitly allowed\n- the \"svg\" or \"math\" element is not allowed\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nThe default configuration is to disallow all of these elements. Code\nis only impacted if allowed tags are being overridden. Applications\nmay be doing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers'\n   allowed tags:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"style\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  <= sanitize @comment.body, tags: [\"style\"] >\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n  ```ruby\n  # class-level option\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"style\"]\n  ```\n\n  (note that this class may also be referenced as\n  `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"style\"])\n  ```\n\n  (note that this class may also be referenced as\n  `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n  ```ruby\n  ActionText::ContentHelper.allowed_tags = [\"style\"]\n  ```\n\nAll users overriding the allowed tags by any of the above mechanisms\nto include \"style\" and omit \"svg\" or \"math\" should either upgrade\nor use one of the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"style\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for\n  [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n  and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n  for more information).\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2519936\n\n## Credit\n\nThis vulnerability was responsibly reported by So Sakaguchi (mnokusou).\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-53987","osvdb":null,"ghsa":"2x5m-9ch4-qgrr","unaffected_versions":["< 1.6.0"],"patched_versions":[">= 1.6.1"],"criticality":null}},{"type":"unpatched_gem","gem":{"name":"rails-html-sanitizer","version":"1.6.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2024-53988.yml","id":"CVE-2024-53988","url":"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5","title":"rails-html-sanitizer has XSS vulnerability with certain configurations","date":"2024-12-02","description":"## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content\nif HTML5 sanitization is enabled and the application developer\nhas overridden the sanitizer's allowed tags in the following way:\n\n- the \"math\", \"mtext\", \"table\", and \"style\" elements are allowed\n- and either \"mglyph\" or \"malignmark\" are allowed\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nThe default configuration is to disallow all of these elements\nexcept for \"table\". Code is only impacted if allowed tags are being\noverridden. Applications may be doing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers'\n   allowed tags:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"]\n  # or\n  config.action_view.sanitized_allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  <= sanitize @comment.body, tags: [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"] >\n  <# or >\n  <= sanitize @comment.body, tags: [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"] >\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n  ```ruby\n  # class-level option\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"]\n  # or\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"]\n  ```\n\n  (note that this class may also be referenced as\n  `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer\n   instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"])\n  # or\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"])\n  ```\n\n  (note that this class may also be referenced as\n  `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n  ```ruby\n  ActionText::ContentHelper.allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"mglyph\"]\n  # or\n  ActionText::ContentHelper.allowed_tags = [\"math\", \"mtext\", \"table\", \"style\", \"malignmark\"]\n  ```\n\nAll users overriding the allowed tags by any of the above mechanisms\nto include (\"math\" and \"mtext\" and \"table\" and \"style\" and (\"mglyph\"\nor \"malignmark\")) should either upgrade or use one of the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"mglyph\" and \"malignmark\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n  and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n  for more information).\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2519936\n\n## Credit\n\nThis vulnerability was responsibly reported by So Sakaguchi (mokusou).\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-53988","osvdb":null,"ghsa":"cfjx-w229-hgx5","unaffected_versions":["< 1.6.0"],"patched_versions":[">= 1.6.1"],"criticality":null}},{"type":"unpatched_gem","gem":{"name":"rails-html-sanitizer","version":"1.6.0"},"advisory":{"path":"/home/wiseadvice/.local/share/ruby-advisory-db/gems/rails-html-sanitizer/CVE-2024-53989.yml","id":"CVE-2024-53989","url":"https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rxv5-gxqc-xx8g","title":"rails-html-sanitizer has XSS vulnerability with certain configurations","date":"2024-12-02","description":"## Summary\n\nThere is a possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0.\n\n* Versions affected: 1.6.0\n* Not affected: < 1.6.0\n* Fixed versions: 1.6.1\n\n## Impact\n\nA possible XSS vulnerability with certain configurations of\nRails::HTML::Sanitizer may allow an attacker to inject content if\nHTML5 sanitization is enabled and the application developer has\noverridden the sanitizer's allowed tags in the following way:\n\n- the \"noscript\" element is explicitly allowed\n\nCode is only impacted if Rails is configured to use HTML5 sanitization,\nplease see documentation for [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\nand [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\nfor more information on these configuration options.\n\nThe default configuration is to disallow all of these elements. Code\nis only impacted if allowed tags are being overridden. Applications\nmay be doing this in a few different ways:\n\n1. using application configuration to configure Action View sanitizers'\n   allowed tags:\n\n  ```ruby\n  # In config/application.rb\n  config.action_view.sanitized_allowed_tags = [\"noscript\"]\n  ```\n\n  see https://guides.rubyonrails.org/configuring.html#configuring-action-view\n\n2. using a `:tags` option to the Action View helper `sanitize`:\n\n  ```\n  <= sanitize @comment.body, tags: [\"noscript\"] >\n  ```\n\n  see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize\n\n3. setting Rails::HTML5::SafeListSanitizer class attribute `allowed_tags`:\n\n  ```ruby\n  # class-level option\n  Rails::HTML5::SafeListSanitizer.allowed_tags = [\"noscript\"]\n  ```\n\n  (note that this class may also be referenced as\n  `Rails::Html::SafeListSanitizer`)\n\n4. using a `:tags` options to the Rails::HTML5::SafeListSanitizer instance method `sanitize`:\n\n  ```ruby\n  # instance-level option\n  Rails::HTML5::SafeListSanitizer.new.sanitize(@article.body, tags: [\"noscript\"])\n  ```\n\n  (note that this class may also be referenced as\n  `Rails::Html::SafeListSanitizer`)\n\n5. setting ActionText::ContentHelper module attribute `allowed_tags`:\n\n  ```ruby\n  ActionText::ContentHelper.allowed_tags = [\"noscript\"]\n  ```\n\nAll users overriding the allowed tags by any of the above\nmechanisms to include \"noscript\" should either upgrade or use\none of the workarounds.\n\n## Workarounds\n\nAny one of the following actions will work around this issue:\n\n- Remove \"noscript\" from the overridden allowed tags,\n- Or, downgrade sanitization to HTML4 (see documentation for\n  [`config.action_view.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-view-sanitizer-vendor)\n  and [`config.action_text.sanitizer_vendor`](https://guides.rubyonrails.org/configuring.html#config-action-text-sanitizer-vendor)\n  for more information).\n\n## References\n\n- [CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)](https://cwe.mitre.org/data/definitions/79.html)\n- Original report: https://hackerone.com/reports/2509647\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne user\n[@taise](https://hackerone.com/taise?type=user).\n","cvss_v2":null,"cvss_v3":null,"cve":"2024-53989","osvdb":null,"ghsa":"rxv5-gxqc-xx8g","unaffected_versions":["< 1.6.0"],"patched_versions":[">= 1.6.1"],"criticality":null}}]}
						
						
					
				
				
					
					View Git Blame
					Copy Permalink