#VU75786 Incorrect regular expression in rails-html-sanitizer - CVE-2022-23517

Cybersecurity Help s.r.o.

Published: 2023-05-08

Vulnerability identifier: #VU75786

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-23517

CWE-ID: CWE-185

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
rails-html-sanitizer
Universal components / Libraries / Programming Languages & Components

Vendor: Rails

Description

The vulnerability allows a remote attacker to perform DoS attack.

The vulnerability exists due to usage of an incorrect regular expression to parse SVG attributes. A remote attacker can pass a specially crafted SVG image to the application and consume excessive CPU resources.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

rails-html-sanitizer: 1.4.0 - 1.4.3

External links
https://hackerone.com/reports/1684163
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for rubygem-rails-html-sanitizer

Multiple vulnerabilities in Red Hat Satellite 6.13

Multiple vulnerabilities in rails-html-sanitizer for Ruby