Upstream information

CVE-2024-34341 at MITRE

Description

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having not set severity.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • ruby3.3-rubygem-actiontext-7.0 >= 7.0.8.4-1.1
  • ruby3.3-rubygem-rails-7.0 >= 7.0.8.4-1.1
Patchnames:
openSUSE-Tumbleweed-2024-14068
openSUSE-Tumbleweed-2024-14074


SUSE Timeline for this CVE

CVE page created: Tue May 7 20:00:07 2024
CVE page last modified: Tue Sep 3 19:34:36 2024