Fix: CVE-2022-32099 #536

Merged
keshavbiswa merged 1 commit into develop from fix/CVE-2022-32209
Jun 30, 2022
@keshavbiswa
Contributor

Notion card

Summary

Name: rails-html-sanitizer
Version: 1.4.2
CVE: CVE-2022-32209
Criticality: Unknown
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Title: Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Solution: upgrade to >= 1.4.3

Preview

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to
    not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Checklist:

  • I have manually tested all workflows
  • I have performed a self-review of my own code
  • I have added automated tests for my code
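
A lockfile check for the advisory summarized above, as an added example that is not part of this pull request or the repository's own code: it reads the resolved rails-html-sanitizer version from Gemfile.lock text and compares it with the `>= 1.4.3` fix version. The sample lockfile content, the other gem versions in it, and the names `locked_versions` and `advisory_status` are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Values taken from the advisory summary in this PR.
ADVISORY = {
  gem: "rails-html-sanitizer",
  cve: "CVE-2022-32209",
  patched: Gem::Requirement.new(">= 1.4.3")
}.freeze

# Map each resolved gem in a lockfile's "specs:" sections to its version.
# Resolved entries are indented 4 spaces ("    name (version)"); the
# 6-space lines under them are dependency constraints, not installed
# versions, so a plain grep for the gem name would also hit those.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.strip.empty?
      in_specs = false # a new top-level section or a blank line ends specs
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)\s]+)\)\z/))
      # Drop a platform suffix such as "-x86_64-linux" before parsing.
      versions[m[1]] = Gem::Version.new(m[2].split("-", 2).first)
    end
  end
  versions
end

# :patched, :vulnerable, or :absent (gem not in the lockfile at all).
def advisory_status(lockfile_text, advisory = ADVISORY)
  locked = locked_versions(lockfile_text)[advisory[:gem]]
  return :absent if locked.nil?
  advisory[:patched].satisfied_by?(locked) ? :patched : :vulnerable
end

# Constructed sample lockfile, not the repository's real Gemfile.lock.
SAMPLE_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionview (7.0.3)
        rails-html-sanitizer (~> 1.1, >= 1.2.0)
      nokogiri (1.13.6-x86_64-linux)
      rails-html-sanitizer (1.4.2)
        loofah (~> 2.3)
LOCK
SAMPLE_AFTER = SAMPLE_BEFORE.sub("sanitizer (1.4.2)", "sanitizer (1.4.3)")

puts "before: #{advisory_status(SAMPLE_BEFORE)}, after: #{advisory_status(SAMPLE_AFTER)}"
```

In CI, pass `File.read("Gemfile.lock")` to `advisory_status` and fail the job on `:vulnerable`.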

@github-actions

Current Code Coverage Percent of this PR:

89.12 %

Files having coverage below 100%

Impacted Files Coverage
/lib/custom_failure.rb 80.0 %
/app/services/weekly_reminder_for_missed_entries_service.rb 31.82 %
/app/controllers/users/invitations_controller.rb 92.86 %
/app/controllers/users/sessions_controller.rb 85.71 %
/app/services/invoice_payment/checkout.rb 44.0 %
/app/services/invoice_payment/pdf_generation.rb 70.0 %
/app/controllers/internal_api/v1/payment_settings_controller.rb 93.33 %
/app/controllers/internal_api/v1/profile_controller.rb 96.88 %
/app/controllers/internal_api/v1/companies_controller.rb 95.45 %
/app/controllers/internal_api/v1/wise/recipients_controller.rb 90.0 %
/app/controllers/internal_api/v1/payments/providers_controller.rb 94.74 %
/lib/benchmarking/benchmarker.rb 0.0 %

Contributor

@rohitjoshixyz rohitjoshixyz left a comment

LGTM

@keshavbiswa
Contributor Author

LGTM

@rohitjoshixyz Can you approve this PR?

@keshavbiswa keshavbiswa merged commit 71edaf5 into develop Jun 30, 2022
@keshavbiswa keshavbiswa deleted the fix/CVE-2022-32209 branch June 30, 2022 14:12
vipulnsward pushed a commit that referenced this pull request Feb 15, 2026
updated Gemfile.lock