Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible

XSS vulnerability with certain configurations of
Rails::Html::Sanitizer.This vulnerability has been assigned the CVE
identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed
Versions: v1.4.3## ImpactA possible XSS vulnerability with certain
configurations of Rails::Html::Sanitizer may allow an attacker to inject
content if the application developer has overridden the sanitizer’s allowed
tags to allow both select and style elements.Code is only impacted if
allowed tags are being overridden. This may be done via application
configuration:ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]see
https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr
it may be done with a :tags option to the Action View helper
sanitize:<%= sanitize @comment.body, tags: ["select", "style"] %>see
https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr
it may be done with Rails::Html::SafeListSanitizer directly:ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]orruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])All users overriding the allowed tags by any of the
above mechanisms to include both “select” and “style” should either upgrade
or use one of the workarounds immediately.## ReleasesThe FIXED releases are
available at the normal locations.## WorkaroundsRemove either select or
style from the overridden allowed tags.## CreditsThis vulnerability was
responsibly reported by
windshock.

Bugs

• <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013806&gt;