Debian LTS: DLA-3902-1: ruby-rails-html-sanitizer Security Advisory Updates
September 28, 2024
Multiple vulnerabilities have been fixed in ruby-rails-html-sanitizer, a Ruby library for sanitizing HTML fragments in Rails applications
Summary
CVE-2022-23517
Inefficient Regular Expression Complexity
CVE-2022-23518
XSS in data URIs
CVE-2022-23519
CVE-2022-23520
CVE-2022-32209
XSS vulnerability
For Debian 11 bullseye, these problems have been fixed in version
1.3.0-1+deb11u1.
We recommend that you upgrade your ruby-rails-html-sanitizer packages.
For the detailed security status of ruby-rails-html-sanitizer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-rails-html-sanitizer
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Severity
Package : ruby-rails-html-sanitizer
Version : 1.3.0-1+deb11u1
CVE ID : CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520
Debian Bug : 1013806 1027153
