CVE-2023-36823

Published: 6 July 2023

Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.

Priority

Cvss 3 Severity Score

6.1

Score breakdown

Status

Package	Release	Status
ruby-sanitize Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Released (4.6.6-2.1~0.20.04.2)
	jammy	Released (6.0.0-1ubuntu0.1)
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Released (6.0.0-1.1ubuntu0.23.10.1)
	trusty	Ignored (end of standard support)
	upstream	Needs triage
	xenial	Not vulnerable (code not present)

Severity score breakdown

Parameter	Value
Base score	6.1
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Changed
Confidentiality	Low
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›