CVE-2022-23518: 
Ruby vulnerability analysis and mitigation

Rails HTML Sanitizer (rails-html-sanitizer), a library responsible for sanitizing HTML fragments in Rails applications, was found to be vulnerable to cross-site scripting (XSS) attacks. Versions >= 1.0.3 and < 1.4.4, when used in combination with Loofah >= 2.1.0, are affected by this vulnerability. The issue was discovered and reported independently by Maciej Piechota and Mrinmoy Das, and was patched in version 1.4.4 (GitHub Advisory).

The vulnerability stems from improper neutralization of data URIs in the scrub_attribute method. There was a divergence between the code present in Loofah and how it was handled in the PermitScrubber class. The missing safe data URI validation allowed injection of base64 encoded XSS scripts. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability could allow attackers to execute cross-site scripting (XSS) attacks through data URIs. This could potentially lead to unauthorized access to sensitive information and manipulation of web content. The impact is categorized as having low confidentiality and integrity impact, with no impact on availability (GitHub Advisory).

The recommended mitigation is to upgrade to rails-html-sanitizer version 1.4.4 or later, which contains the security fix. For Debian 10 users, the fix has been backported to version 1.0.4-1+deb10u2 (Debian Advisory).