{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-32209","assignerOrgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","assignerShortName":"hackerone","dateUpdated":"2025-11-03T21:46:21.461Z","dateReserved":"2022-06-01T00:00:00.000Z","datePublished":"2022-06-24T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"36234546-b8fa-4601-9d6f-f4e334aa8ea1","shortName":"hackerone","dateUpdated":"2022-12-06T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = [\"select\", \"style\"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: [\"select\", \"style\"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"style\"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: [\"select\", \"style\"])```All users overriding the allowed tags by any of the above mechanisms to include both \"select\" and \"style\" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user)."}],"affected":[{"vendor":"n/a","product":"https://github.com/rails/rails-html-sanitizer","versions":[{"version":"v1.4.3","status":"affected"}]}],"references":[{"url":"https://hackerone.com/reports/1530898"},{"name":"FEDORA-2022-ce4719993c","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"},{"name":"FEDORA-2022-974fffb418","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"},{"name":"[debian-lts-announce] 20221206 [SECURITY] [DLA 3227-1] ruby-rails-html-sanitizer security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"Cross-site Scripting (XSS) - Generic (CWE-79)","cweId":"CWE-79"}]}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://hackerone.com/reports/1530898","tags":["x_transferred"]},{"name":"FEDORA-2022-ce4719993c","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH/"},{"name":"FEDORA-2022-974fffb418","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47/"},{"name":"[debian-lts-announce] 20221206 [SECURITY] [DLA 3227-1] ruby-rails-html-sanitizer security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:46:21.461Z"}}]}}