/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-53988

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-53988

CGA ID

CGA-gxwx-7fgv-jp3q

Severity

Unknown

Description

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.

References

  • https://images.chainguard.dev/security/CGA-gxwx-7fgv-jp3q
  • https://github.com/advisories/GHSA-cfjx-w229-hgx5
  • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-cfjx-w229-hgx5
  • https://github.com/rails/rails-html-sanitizer/commit/a0a3e8b76b696446ffc6bffcff3bc7b7c6393c72

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation