PT-2024-36001 · Rails +2
Mokusou +2
Published 2024-12-02 · Updated 2026-04-17
CVE-2024-53989
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0
Description: A possible XSS vulnerability exists in certain configurations of Rails::HTML::Sanitizer when used with Rails >= 7.1.0. It may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags to include the "noscript" element.
Recommendations: Upgrade rails-html-sanitizer 1.6.0 to version 1.6.1, which fixes the vulnerability. As a temporary workaround, remove "noscript" from the overridden allowed tags or downgrade sanitization to HTML4.
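The following is an added Ruby example, not part of this record and not code from the Rails or rails-html-sanitizer projects. It is a small offline audit that reads a Gemfile.lock for the locked rails-html-sanitizer version and scans application configuration and template source for an allowed-tags override that includes "noscript" while HTML5 sanitization is in effect, reporting whether the upgrade, the "noscript" removal, or the HTML4 fallback has been applied. The configuration key and API names it looks for (sanitizer_vendor, sanitized_allowed_tags, SafeListSanitizer.allowed_tags, the sanitize helper's tags: option) are assumed from Rails 7.1 and the gem; the record itself names only "noscript", HTML5 sanitization and the HTML4 workaround. All inputs are constructed samples.

```ruby
# Added audit example (assumed Rails 7.1 config/API names, see lead-in).
FIXED_VERSION = Gem::Version.new("1.6.1") # first fixed release per the record

# Constructed sample inputs (not from any real project).
GEMFILE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (7.1.3)
      rails-html-sanitizer (1.6.0)
        loofah (~> 2.21)
LOCK

# Weak: HTML5 sanitizer with "noscript" added to the allowed tags.
WEAK_CONFIG = <<~RUBY
  # config/application.rb
  config.action_view.sanitizer_vendor = Rails::HTML5::Sanitizer
  config.action_view.sanitized_allowed_tags = ["p", "div", "noscript"]
RUBY

# Hardened: same vendor, "noscript" removed from the override.
HARDENED_CONFIG = <<~RUBY
  config.action_view.sanitizer_vendor = Rails::HTML5::Sanitizer
  config.action_view.sanitized_allowed_tags = ["p", "div"]
RUBY

# Workaround: keep the override but fall back to HTML4 sanitization.
HTML4_WORKAROUND = WEAK_CONFIG.sub("Rails::HTML5::Sanitizer", "Rails::HTML4::Sanitizer")

# Helper-level override in a view template; in a real audit the template
# source would be concatenated with the app config before assessment.
VIEW_SNIPPET = <<~ERB
  <%= sanitize @comment.body, tags: ["noscript"] %>
ERB

# Returns the locked rails-html-sanitizer version, or nil if it is absent.
def sanitizer_version(lockfile)
  m = lockfile.match(/^\s*rails-html-sanitizer \((\d+(?:\.\d+)+)\)/)
  m && Gem::Version.new(m[1])
end

# True if any allowed-tags override (config key, class attribute, or the
# helper's tags: option) lists "noscript".
def noscript_allowed?(source)
  lists = source.scan(/(?:allowed_tags\s*=|tags:)\s*(\[[^\]]*\])/).flatten
  lists.any? { |list| list.match?(/["']noscript["']/) }
end

# Rails >= 7.1 sanitizes as HTML5 unless the app explicitly opts into HTML4
# (assumption about the default; an explicit HTML4 vendor is the only opt-out).
def html5_vendor?(source)
  !source.match?(/sanitizer_vendor\s*=\s*Rails::HTML4::Sanitizer/)
end

# Combine the checks into one verdict for a lockfile plus source text.
def assess(lockfile, source)
  version = sanitizer_version(lockfile)
  return :not_present if version.nil?
  return :patched if version >= FIXED_VERSION
  return :vulnerable if html5_vendor?(source) && noscript_allowed?(source)
  :outdated_but_not_exposed
end

if __FILE__ == $0
  { weak: WEAK_CONFIG, hardened: HARDENED_CONFIG,
    html4_workaround: HTML4_WORKAROUND, view: VIEW_SNIPPET }.each do |name, src|
    puts "#{name}: #{assess(GEMFILE_LOCK, src)}"
  end
end
```

The verdict distinguishes the three mitigations the record lists: upgrading yields :patched regardless of configuration, while removing "noscript" or selecting the HTML4 vendor leaves the gem outdated but not exposed to this particular issue.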

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

BDU:2025-04580
CVE-2024-53989
GHSA-RXV5-GXQC-XX8G
OPENSUSE-SU-2026:10569-1

Affected Products

Rails
RED OS
rails-html-sanitizer