| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| prosemirror_to_html | rubygems | < 0.2.1 | 0.2.1 |

The vulnerability is in the prosemirror_to_html gem: HTML attribute values are not properly escaped, which leads to a Cross-Site Scripting (XSS) vulnerability.

Analysis of the patch commit 4d59f94f550bcabeec30d298791bbdd883298ad8 clearly points to the vulnerable function. The commit modifies `lib/prosemirror_to_html.rb`, changing the function `render_opening_tag` in the `ProsemirrorToHtml::Renderer` class so that it escapes attribute values. Before the patch, the code used the value of an attribute directly in the generated HTML string. The removed line `attrs << " #{attr}=\"#{value}\""` shows that the value is not escaped. The fix introduces `escaped_value = CGI.escapeHTML(value.to_s)` and uses this escaped value instead.

The `render_opening_tag` function is therefore the exact location of the vulnerability: it processes potentially malicious input (the attribute value) and includes it in the HTML output without proper neutralization.

`ProsemirrorToHtml::Renderer.render_opening_tag` in `lib/prosemirror_to_html.rb`
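
The difference between the unescaped and escaped attribute lines, as an added example (not the gem's source). The helper names `opening_tag_unescaped`, `opening_tag_escaped` and `attribute_names` and the sample input are assumptions made for illustration; only the two interpolation lines follow the patch described above.

```ruby
require "cgi"

# Simplified stand-ins for the attribute loop described above.
# Hypothetical helper names; this is not the gem's code.

# Pre-patch behaviour: the attribute value is interpolated as-is.
def opening_tag_unescaped(tag, attrs)
  out = +"<#{tag}"
  attrs.each { |attr, value| out << " #{attr}=\"#{value}\"" }
  out << ">"
end

# Patched behaviour: the value passes through CGI.escapeHTML first.
def opening_tag_escaped(tag, attrs)
  out = +"<#{tag}"
  attrs.each do |attr, value|
    escaped_value = CGI.escapeHTML(value.to_s)
    out << " #{attr}=\"#{escaped_value}\""
  end
  out << ">"
end

# Defender's check: which attribute names does the rendered tag contain?
# A value that stays inside its quotes yields exactly the names supplied.
def attribute_names(html)
  html.scan(/([\w-]+)="[^"]*"/).flatten
end

# Constructed input: a single "href" whose value contains double quotes.
SAMPLE_ATTRS = { "href" => "https://example.test/\" data-injected=\"yes" }.freeze

if __FILE__ == $PROGRAM_NAME
  before = opening_tag_unescaped("a", SAMPLE_ATTRS)
  after  = opening_tag_escaped("a", SAMPLE_ATTRS)
  puts "unescaped: #{before}"
  puts "  attributes seen: #{attribute_names(before).inspect}"
  puts "escaped:   #{after}"
  puts "  attributes seen: #{attribute_names(after).inspect}"
end
```

The same comparison works as a regression test for a renderer: supply one attribute whose value contains a double quote and assert that the output still contains exactly one attribute.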