wid-sec-w-2023-0266
Vulnerability from csaf_certbund
Published
2023-02-02 23:00
Modified
2023-02-07 23:00
Summary
genua genucenter: Multiple vulnerabilities allow an unspecified attack
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with that content.
Product description
genucenter provides central, role-based administration of genua's solutions.
Attack
An attacker can exploit multiple vulnerabilities in genua genucenter to carry out an attack that is not specified in further detail.
Affected operating systems
- UNIX
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "genucenter bietet eine zentrale und rollenbasierte Administration der Lösungen von genua.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in genua genucenter ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0266 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0266.json", }, { category: "self", summary: "WID-SEC-2023-0266 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0266", }, { category: "external", summary: "Genua Security Advisory vom 2023-02-02", url: "https://kunde.genua.de/fileadmin/download/customer/pub/genucenter/Z800_005.README", }, ], source_lang: "en-US", title: "genua genucenter: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff", tracking: { current_release_date: "2023-02-07T23:00:00.000+00:00", generator: { date: "2024-08-15T17:42:57.044+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0266", 
initial_release_date: "2023-02-02T23:00:00.000+00:00", revision_history: [ { date: "2023-02-02T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-02-07T23:00:00.000+00:00", number: "2", summary: "Korrektur betroffene Software und ausnutzbare CVE", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "genua genucenter < 8.0p5", product: { name: "genua genucenter < 8.0p5", product_id: "T026117", product_identification_helper: { cpe: "cpe:/h:genua:genucenter:8.0p5", }, }, }, ], category: "vendor", name: "genua", }, ], }, vulnerabilities: [ { cve: "CVE-2023-22809", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2023-22809", }, { cve: "CVE-2022-44570", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". 
Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2022-44570", }, { cve: "CVE-2022-28739", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2022-28739", }, { cve: "CVE-2022-27882", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2022-27882", }, { cve: "CVE-2022-27881", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". 
Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2022-27881", }, { cve: "CVE-2022-23520", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2022-23520", }, { cve: "CVE-2022-23519", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2022-23519", }, { cve: "CVE-2022-23518", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". 
Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2022-23518", }, { cve: "CVE-2022-23515", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in genua genucenter in verwendeten Komponenten von Drittanbietern. Diese werden nicht im Detail beschrieben und bestehen in den Komponenten \"qs\", \"dalli\", \"grafana\", \"ruby\", \"slaacd\", \"sudo\", \"decode-uri-component\", \"libexpat\", \"libxml\", \"loofah\", \"rack\", \"rails-html-sanitizer\", \"sinatra\" und \"url-parse\". Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], release_date: "2023-02-02T23:00:00.000+00:00", title: "CVE-2022-23515", }, ], }
cve-2022-23519
Vulnerability from cvelistv5
Published
2022-12-14 16:50
Modified
2025-02-13 16:32
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
References
Impacted products
Vendor | Product | Version
---|---|---
rails | rails-html-sanitizer | < 1.4.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.505Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h", }, { name: "https://hackerone.com/reports/1656627", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1656627", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rails-html-sanitizer", vendor: "rails", versions: [ { status: "affected", version: "< 1.4.4", }, ], }, ], descriptions: [ { lang: "en", value: "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both \"math\" and \"style\" elements, or allow both \"svg\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. 
All users overriding the allowed tags to include \"math\" or \"svg\" and \"style\" should either upgrade or use the following workaround immediately: Remove \"style\" from the overridden allowed tags, or remove \"math\" and \"svg\" from the overridden allowed tags.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T16:06:15.408Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h", }, { name: "https://hackerone.com/reports/1656627", tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1656627", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", }, ], source: { advisory: "GHSA-9h9g-93gc-623h", discovery: "UNKNOWN", }, title: "Possible XSS vulnerability with certain configurations of rails-html-sanitizer", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23519", datePublished: "2022-12-14T16:50:14.949Z", dateReserved: "2022-01-19T21:23:53.779Z", dateUpdated: "2025-02-13T16:32:18.150Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44570
Vulnerability from cvelistv5
Published
2023-02-09 00:00
Modified
2024-08-03 13:54
Summary
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | https://github.com/rack/rack | 2.0.9.2, 2.1.4.2, 2.2.4.2, 3.0.0.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:54:03.858Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125", }, { name: "DSA-5530", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5530", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231208-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/rack/rack", vendor: "n/a", versions: [ { status: "affected", version: "2.0.9.2, 2.1.4.2, 2.2.4.2, 3.0.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. 
Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Denial of Service (CWE-400)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-08T22:06:20.271290", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125", }, { name: "DSA-5530", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5530", }, { url: "https://security.netapp.com/advisory/ntap-20231208-0010/", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-44570", datePublished: "2023-02-09T00:00:00", dateReserved: "2022-11-01T00:00:00", dateUpdated: "2024-08-03T13:54:03.858Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22809
Vulnerability from cvelistv5
Published
2023-01-18 00:00
Modified
2025-04-04 15:45
Summary
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:30.856Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf", }, { tags: [ "x_transferred", ], url: "https://www.sudo.ws/security/advisories/sudoedit_any/", }, { name: "[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html", }, { name: "DSA-5321", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5321", }, { name: "[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/01/19/1", }, { name: "FEDORA-2023-9078f609e6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230127-0015/", }, { name: "FEDORA-2023-298c136eee", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html", }, { name: "GLSA-202305-12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-12", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213758", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html", }, { name: "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent 
Virtual Appliance Arbitrary File Modification via sudoedit", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Aug/21", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-22809", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-04T15:43:57.601703Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-04T15:45:24.835Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. 
The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T07:06:47.365Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf", }, { url: "https://www.sudo.ws/security/advisories/sudoedit_any/", }, { name: "[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html", }, { name: "DSA-5321", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5321", }, { name: "[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/01/19/1", }, { name: "FEDORA-2023-9078f609e6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/", }, { url: "https://security.netapp.com/advisory/ntap-20230127-0015/", }, { name: "FEDORA-2023-298c136eee", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/", }, { url: "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html", }, { name: "GLSA-202305-12", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-12", }, { url: "https://support.apple.com/kb/HT213758", }, { url: "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html", }, { name: "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary 
File Modification via sudoedit", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Aug/21", }, { url: "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-22809", datePublished: "2023-01-18T00:00:00.000Z", dateReserved: "2023-01-06T00:00:00.000Z", dateUpdated: "2025-04-04T15:45:24.835Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23520
Vulnerability from cvelistv5
Published
2022-12-14 17:07
Modified
2025-02-13 16:32
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.
References
Impacted products
Vendor | Product | Version
---|---|---
rails | rails-html-sanitizer | < 1.4.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.436Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8", }, { name: "https://hackerone.com/reports/1654310", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1654310", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rails-html-sanitizer", vendor: "rails", versions: [ { status: "affected", version: "< 1.4.4", }, ], }, ], descriptions: [ { lang: "en", value: "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both \"select\" and \"style\" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both \"select\" and \"style\" should either upgrade or use this workaround: Remove either \"select\" or \"style\" from the overridden allowed tags. 
NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T16:06:16.967Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8", }, { name: "https://hackerone.com/reports/1654310", tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1654310", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", }, ], source: { advisory: "GHSA-rrfc-7g8p-99q8", discovery: "UNKNOWN", }, title: "rails-html-sanitizer contains an incomplete fix for an XSS vulnerability", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23520", datePublished: "2022-12-14T17:07:31.954Z", dateReserved: "2022-01-19T21:23:53.780Z", dateUpdated: "2025-02-13T16:32:18.705Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27882
Vulnerability from cvelistv5
Published
2022-03-25 17:13
Modified
2024-08-03 05:41
Summary
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation.
References
URL | Tags
---|---
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html | x_refsource_MISC
https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/017_slaacd.patch.sig | x_refsource_MISC
https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/033_slaacd.patch.sig | x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220506-0005/ | x_refsource_CONFIRM
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:41:10.754Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/017_slaacd.patch.sig", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/033_slaacd.patch.sig", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220506-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. 
NOTE: privilege separation and pledge can prevent exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-06T13:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html", }, { tags: [ "x_refsource_MISC", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/017_slaacd.patch.sig", }, { tags: [ "x_refsource_MISC", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/033_slaacd.patch.sig", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220506-0005/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-27882", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. 
NOTE: privilege separation and pledge can prevent exploitation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html", refsource: "MISC", url: "https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html", }, { name: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/017_slaacd.patch.sig", refsource: "MISC", url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/017_slaacd.patch.sig", }, { name: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/033_slaacd.patch.sig", refsource: "MISC", url: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/033_slaacd.patch.sig", }, { name: "https://security.netapp.com/advisory/ntap-20220506-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220506-0005/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-27882", datePublished: "2022-03-25T17:13:23", dateReserved: "2022-03-25T00:00:00", dateUpdated: "2024-08-03T05:41:10.754Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28739
Vulnerability from cvelistv5
Published
2022-05-09 00:00
Modified
2025-02-13 16:32
Summary
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:03:52.581Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1248108", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-28739", }, { tags: [ "x_transferred", ], url: "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213488", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213494", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213493", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { name: "20221030 APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/30", }, { name: "20221030 APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/29", }, { name: "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: 
"n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T05:06:24.719Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://hackerone.com/reports/1248108", }, { url: "https://security-tracker.debian.org/tracker/CVE-2022-28739", }, { url: "https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/", }, { url: "https://security.netapp.com/advisory/ntap-20220624-0002/", }, { url: "https://support.apple.com/kb/HT213488", }, { url: "https://support.apple.com/kb/HT213494", }, { url: "https://support.apple.com/kb/HT213493", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { name: "20221030 APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/30", }, { name: "20221030 APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/29", }, { name: "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html", }, { url: "https://security.gentoo.org/glsa/202401-27", }, ], }, }, 
cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28739", datePublished: "2022-05-09T00:00:00.000Z", dateReserved: "2022-04-06T00:00:00.000Z", dateUpdated: "2025-02-13T16:32:37.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23515
Vulnerability from cvelistv5
Published
2022-12-14 13:23
Modified
2025-02-13 16:32
Summary
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
References
URL | Tags |
---|---|
https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx | x_refsource_CONFIRM |
https://github.com/flavorjones/loofah/issues/101 | x_refsource_MISC |
https://hackerone.com/reports/1694173 | x_refsource_MISC |
https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html | |
Impacted products
Vendor | Product | Version |
---|---|---|
flavorjones | loofah | >= 2.1.0, < 2.19.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.112Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx", }, { name: "https://github.com/flavorjones/loofah/issues/101", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/flavorjones/loofah/issues/101", }, { name: "https://hackerone.com/reports/1694173", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1694173", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "loofah", vendor: "flavorjones", versions: [ { status: "affected", version: ">= 2.1.0, < 2.19.1", }, ], }, ], descriptions: [ { lang: "en", value: "Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. 
This issue is patched in version 2.19.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T16:06:24.843Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx", }, { name: "https://github.com/flavorjones/loofah/issues/101", tags: [ "x_refsource_MISC", ], url: "https://github.com/flavorjones/loofah/issues/101", }, { name: "https://hackerone.com/reports/1694173", tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1694173", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html", }, ], source: { advisory: "GHSA-228g-948r-83gx", discovery: "UNKNOWN", }, title: "Improper neutralization of data URIs may allow XSS in Loofah", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23515", datePublished: "2022-12-14T13:23:02.054Z", dateReserved: "2022-01-19T21:23:53.777Z", dateUpdated: "2025-02-13T16:32:15.804Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23518
Vulnerability from cvelistv5
Published
2022-12-14 16:22
Modified
2025-02-13 16:32
Summary
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
References
URL | Tags |
---|---|
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m | x_refsource_CONFIRM |
https://github.com/rails/rails-html-sanitizer/issues/135 | x_refsource_MISC |
https://hackerone.com/reports/1694173 | x_refsource_MISC |
https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html | |
Impacted products
Vendor | Product | Version |
---|---|---|
rails | rails-html-sanitizer | >= 1.0.3, < 1.4.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:43:46.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m", }, { name: "https://github.com/rails/rails-html-sanitizer/issues/135", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rails/rails-html-sanitizer/issues/135", }, { name: "https://hackerone.com/reports/1694173", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1694173", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rails-html-sanitizer", vendor: "rails", versions: [ { status: "affected", version: ">= 1.0.3, < 1.4.4", }, ], }, ], descriptions: [ { lang: "en", value: "rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. 
This issue is patched in version 1.4.4.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T16:06:20.153Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m", }, { name: "https://github.com/rails/rails-html-sanitizer/issues/135", tags: [ "x_refsource_MISC", ], url: "https://github.com/rails/rails-html-sanitizer/issues/135", }, { name: "https://hackerone.com/reports/1694173", tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1694173", }, { url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html", }, ], source: { advisory: "GHSA-mcvf-2q2m-x72m", discovery: "UNKNOWN", }, title: "Improper neutralization of data URIs allows XSS in rails-html-sanitizer", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23518", datePublished: "2022-12-14T16:22:34.460Z", dateReserved: "2022-01-19T21:23:53.779Z", dateUpdated: "2025-02-13T16:32:17.595Z", requesterUserId: "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27881
Vulnerability from cvelistv5
Published
2022-03-25 17:13
Modified
2024-08-03 05:41
Summary
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation.
References
URL | Tags |
---|---|
https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/014_slaacd.patch.sig | x_refsource_MISC |
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html | x_refsource_MISC |
https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/030_slaacd.patch.sig | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20220506-0005/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:41:10.307Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/014_slaacd.patch.sig", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/030_slaacd.patch.sig", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220506-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. 
NOTE: privilege separation and pledge can prevent exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-06T13:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/014_slaacd.patch.sig", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html", }, { tags: [ "x_refsource_MISC", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/030_slaacd.patch.sig", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220506-0005/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-27881", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. 
NOTE: privilege separation and pledge can prevent exploitation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/014_slaacd.patch.sig", refsource: "MISC", url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.0/common/014_slaacd.patch.sig", }, { name: "https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html", refsource: "MISC", url: "https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html", }, { name: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/030_slaacd.patch.sig", refsource: "MISC", url: "https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/030_slaacd.patch.sig", }, { name: "https://security.netapp.com/advisory/ntap-20220506-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220506-0005/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-27881", datePublished: "2022-03-25T17:13:08", dateReserved: "2022-03-25T00:00:00", dateUpdated: "2024-08-03T05:41:10.307Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.