-
-
Notifications
You must be signed in to change notification settings - Fork 217
/
CVE-2022-27777.yml
51 lines (40 loc) · 1.56 KB
/
CVE-2022-27777.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
---
gem: actionview
framework: rails
cve: 2022-27777
ghsa: ch3h-j2vf-95pv
url: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
title: Possible XSS Vulnerability in Action View tag helpers
date: 2022-04-26
description: |
There is a possible XSS vulnerability in Action View tag helpers. Passing
untrusted input as hash keys can lead to a possible XSS vulnerability. This
vulnerability has been assigned the CVE identifier CVE-2022-27777.
Versions Affected: ALL
Not affected: NONE
Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1
## Impact
If untrusted data is passed as the hash key for tag attributes, there is a
possibility that the untrusted data may not be properly escaped which can
lead to an XSS vulnerability.
Impacted code will look something like this:
```
check_box_tag('thename', 'thevalue', false, aria: { malicious_input => 'thevalueofaria' })
```
Where the "malicious_input" variable contains untrusted data.
All users running an affected release should either upgrade or use one of the
workarounds immediately.
## Releases
The FIXED releases are available at the normal locations.
## Workarounds
Escape the untrusted data before using it as a key for tag helper methods.
cvss_v3: 6.1
patched_versions:
- "~> 5.2.7, >= 5.2.7.1"
- "~> 6.0.4, >= 6.0.4.8"
- "~> 6.1.5, >= 6.1.5.1"
- ">= 7.0.2.4"
related:
url:
- https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85
- https://github.com/rails/rails/blob/7-0-stable/actionview/CHANGELOG.md#rails-7024-april-26-2022