Oval Definition:oval:org.opensuse.security:def:202223517
Revision Date:2023-06-22
Version:1
Title:CVE-2022-23517
Description:

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
Family:unix
Class:vulnerability
Status:
Reference(s):Mitre CVE-2022-23517
SUSE CVE-2022-23517
Platform(s):SUSE Linux Enterprise High Availability Extension 15 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise High Availability Extension 15 SP5 is installed
  • AND ruby2.5-rubygem-rails-html-sanitizer is affected