CVE-2022-23517

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.

Weakness

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Affected Software

Name	Vendor	Start Version	End Version
Rails_html_sanitizers	Rubyonrails	*	1.4.4 (excluding)
Red Hat Satellite 6.13 for RHEL 8	RedHat	satellite:el8/rubygem-rails-html-sanitizer-0:1.4.4-1.el8sat	*
Ruby-rails-html-sanitizer	Ubuntu	bionic	*
Ruby-rails-html-sanitizer	Ubuntu	focal	*
Ruby-rails-html-sanitizer	Ubuntu	kinetic	*
Ruby-rails-html-sanitizer	Ubuntu	lunar	*
Ruby-rails-html-sanitizer	Ubuntu	mantic	*
Ruby-rails-html-sanitizer	Ubuntu	oracular	*
Ruby-rails-html-sanitizer	Ubuntu	plucky	*
Ruby-rails-html-sanitizer	Ubuntu	trusty	*
Ruby-rails-html-sanitizer	Ubuntu	xenial	*

Extended Description

	  Attackers can create crafted inputs that
	  intentionally cause the regular expression to use
	  excessive backtracking in a way that causes the CPU
	  consumption to spike.

Potential Mitigations

https://cwe.mitre.org/data/definitions/492.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23517
CWE	https://cwe.mitre.org/data/definitions/1333.html

Inefficient Regular Expression Complexity

Weakness

Affected Software

Extended Description

Potential Mitigations

References

CVE-2022-23517

Inefficient Regular Expression Complexity

Weakness

Affected Software

Extended Description

Potential Mitigations

Related Attack Patterns

References