ActionText ContentAttachment can Contain Unsanitized HTML

Moderate severity GitHub Reviewed Published Jun 4, 2024 in rails/rails • Updated Jun 5, 2024

Package

bundler actiontext (RubyGems)

Affected versions

>= 7.1.0, < 7.1.3.4
= 7.2.0.beta1

Patched versions

7.1.3.4
7.2.0.beta2

Description

Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML, so attachment content is rendered without the sanitization applied to the rest of the rich text.

This has been assigned the CVE identifier CVE-2024-32464.

Versions Affected: >= 7.1.0
Not affected: < 7.1.0
Fixed Versions: 7.1.3.4
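An added example, not part of the advisory or of the Rails project, that turns the version ranges listed above into a check a defender can run against a Gemfile.lock: it parses the locked actiontext version with RubyGems' own Gem::Version and Gem::Requirement classes and reports whether it falls inside the affected ranges and which patched release to move to. The lockfile text is a constructed sample, and the function names (actiontext_affected?, locked_actiontext_version, lockfile_status, recommended_upgrade) are this example's own.

```ruby
# Added example (not from the advisory): check an actiontext version, or the
# actiontext entry in a Gemfile.lock, against the ranges the advisory lists as
# affected by CVE-2024-32464.
require "rubygems"

# Affected ranges and patched releases exactly as the advisory states them.
AFFECTED_RANGES = [
  Gem::Requirement.new(">= 7.1.0", "< 7.1.3.4"),
  Gem::Requirement.new("= 7.2.0.beta1"),
].freeze

PATCHED_7_1 = "7.1.3.4"
PATCHED_7_2 = "7.2.0.beta2"

# True when the version string matches one of the advisory's affected ranges.
# Gem::Version understands prerelease tags such as "beta1", so the 7.2 case works too.
def actiontext_affected?(version_string)
  version = Gem::Version.new(version_string)
  AFFECTED_RANGES.any? { |req| req.satisfied_by?(version) }
end

# Which patched release applies: the 7.2 prerelease series gets 7.2.0.beta2,
# everything else in the affected set gets 7.1.3.4.
def recommended_upgrade(version_string)
  version = Gem::Version.new(version_string)
  version >= Gem::Version.new("7.2.0.beta1") ? PATCHED_7_2 : PATCHED_7_1
end

# Extracts the locked actiontext version from Gemfile.lock text, or nil if the
# gem is not locked. In the specs block a gem's own line is indented exactly
# four spaces ("    actiontext (7.1.3.3)"); dependency lines such as
# "      actiontext (= 7.1.3.3)" under the rails gem are deeper and carry an
# operator, so the anchored regex skips them.
def locked_actiontext_version(lockfile_text)
  match = lockfile_text.match(/^ {4}actiontext \(([^)\s]+)\)/)
  match && match[1]
end

# Summary for one lockfile: nil when actiontext is absent, otherwise the locked
# version, whether it is affected, and the upgrade target (nil when not affected).
def lockfile_status(lockfile_text)
  version = locked_actiontext_version(lockfile_text)
  return nil unless version

  affected = actiontext_affected?(version)
  {
    version: version,
    affected: affected,
    upgrade_to: affected ? recommended_upgrade(version) : nil,
  }
end

# Constructed Gemfile.lock excerpt (sample data, not from the advisory).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actiontext (7.1.3.3)
        actionpack (= 7.1.3.3)
        activerecord (= 7.1.3.3)
        activestorage (= 7.1.3.3)
        activesupport (= 7.1.3.3)
        globalid (>= 0.6.0)
        nokogiri (>= 1.8.5)
      rails (7.1.3.3)
        actiontext (= 7.1.3.3)
LOCK

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path ? File.read(path) : SAMPLE_LOCKFILE
  status = lockfile_status(text)
  if status.nil?
    puts "actiontext is not locked in this Gemfile.lock"
  elsif status[:affected]
    puts "actiontext #{status[:version]} is affected by CVE-2024-32464; upgrade to #{status[:upgrade_to]}"
  else
    puts "actiontext #{status[:version]} is not in an affected range"
  end
end
```

Run it with a path to a real Gemfile.lock to check a project; with no argument it evaluates the embedded sample. The check relies on RubyGems' version ordering rather than string comparison, which is what makes the 7.2.0.beta1 / 7.2.0.beta2 boundary and the 7.1.3.3 / 7.1.3.4 boundary come out right.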

Impact

This could lead to a potential cross-site scripting issue within the Trix editor.

Releases

The fixed releases are available at the normal locations.

Workarounds

N/A

Patches

To aid users who aren't able to upgrade immediately, we have provided patches for the supported release series in accordance with our maintenance policy regarding security issues. They are in git-am format and consist of a single changeset.

  • action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series

Credits

Thank you ooooooo_q for reporting this!

References

jhawthorn published to rails/rails Jun 4, 2024
Published by the National Vulnerability Database Jun 4, 2024
Published to the GitHub Advisory Database Jun 4, 2024
Reviewed Jun 4, 2024
Last updated Jun 5, 2024

Severity

Moderate, 6.1 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE ID

CVE-2024-32464

GHSA ID

GHSA-prjp-h48f-jgf6
