Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS.
Applications that allow users to specify custom HTML attributes are affected. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
None
No privileges needed
User Interaction
Passive
Minimal interaction
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption
CVSS Vector v4.0
Weakness Type (CWE)
References 7
https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c
security-advisories@github.com
https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d
security-advisories@github.com
https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924
security-advisories@github.com
https://github.com/rails/rails/releases/tag/v7.2.3.1
security-advisories@github.com
https://github.com/rails/rails/releases/tag/v8.0.4.1
security-advisories@github.com
https://github.com/rails/rails/releases/tag/v8.1.2.1
security-advisories@github.com
https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq
security-advisories@github.com