/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-53988

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-53988

CGA ID

CGA-gxwx-7fgv-jp3q

Severity

Unknown

Description

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.

References

  • https://images.chainguard.dev/security/CGA-gxwx-7fgv-jp3q

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs