CVE-2024-53989: rails-html-sanitizer has XSS vulnerability with certain configurations
2.3
CVSS Score
4.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.31176%
CWE
Published
12/2/2024
Updated
12/3/2024
KEV Status
No
Technology
Ruby
RubyTechnical Details
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| rails-html-sanitizer | rubygems | = 1.6.0 | 1.6.1 |
Vulnerability Intelligence
Miggo AI
Miggo AIRoot Cause Analysis
The vulnerability stems from improper handling of 'noscript' tags in HTML5 sanitization configurations. The core issue was in PermitScrubber's validate! logic (validate! method) that didn't enforce noscript removal, as shown in the commit diff modifying scrubbers.rb. The SafeListSanitizer's sanitize method is also implicated as it's the entry point for processing user-configured tags. The high confidence for validate! comes from direct patch evidence, while medium confidence for sanitize comes from its role in processing vulnerable configurations.