CVE-2026-44312.yml
---
gem: css_parser
cve: 2026-44312
ghsa: ff6c-w6qf-7xqc
url: https://github.com/premailer/css_parser/security/advisories/GHSA-ff6c-w6qf-7xqc
title: Improper Certificate Validation allows MITM injection of remote
  CSS content
date: 2026-05-07
description: |
  ### Summary

  The CSS Parser gem does not validate HTTPS connections, allowing a
  Man-in-the-Middle (MITM) attacker to inject or modify CSS content when
  stylesheets are loaded via HTTPS. The connection is established with
  `OpenSSL::SSL::VERIFY_NONE`, meaning any HTTPS certificate—even
  entirely untrusted—will be accepted without validation.

  ### Details

  In `lib/css_parser/parser.rb`, the HTTP client sets:

  https://github.com/premailer/css_parser/blob/3f91e8db7547fac50ab50cb7f9920f785f722740/lib/css_parser/parser.rb#L646

  ```ruby
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ```

  As a result, the library does not validate the authenticity of HTTPS
  connections and does not protect against man-in-the-middle attacks.
  Any attacker in a position to intercept network traffic can inject
  or modify CSS loaded via HTTPS URLs without detection or warning.

  ### Impact

  Applications using CSS Parser to load remote stylesheets over HTTPS
  are vulnerable to CSS injection and content manipulation, regardless
  of the trust status of the remote server. All users who use CSS Parser
  to fetch external CSS over HTTPS may be impacted.

  ### Credit

  This vulnerability was uncovered by @JLLeitschuh of the
  @braze-inc security team.
cvss_v3: 5.8
patched_versions:
  - "~> 1.22.0"
  - ">= 2.1.0"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2026-44312
    - https://github.com/premailer/css_parser/security/advisories/GHSA-ff6c-w6qf-7xqc
    - https://github.com/premailer/css_parser/commit/35e689c904225add78e0c488cf04bad052666449
    - https://github.com/premailer/css_parser/commit/e0c95d5abe91b237becb90ff316531a6547ada18
    - https://github.com/premailer/css_parser/issues/185
    - https://github.com/advisories/GHSA-ff6c-w6qf-7xqc
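The weak `Net::HTTP` setting the advisory quotes, shown beside its hardened counterpart and a guard that refuses to use a client with verification switched off. This is an added Ruby example, not code from this advisory entry or from the css_parser gem; the helper names `insecure_client`, `hardened_client`, `verifies_peer?` and `assert_verifying!` and the sample URL are assumptions, and no network request is made.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Hypothetical builder reproducing the configuration the advisory describes:
# certificate verification is disabled, so any presented chain is accepted.
def insecure_client(uri)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE # the weak setting named in the advisory
  http
end

# Hardened builder: verify the server's chain against the platform trust store.
def hardened_client(uri)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  store = OpenSSL::X509::Store.new
  store.set_default_paths # OpenSSL's default CA bundle / directory
  http.cert_store = store
  http
end

# True when the client will actually verify the peer. Plain HTTP has no
# certificate to verify, so it is reported as not-disabled rather than broken.
def verifies_peer?(http)
  return true unless http.use_ssl?
  http.verify_mode == OpenSSL::SSL::VERIFY_PEER
end

# Guard a defender can place in front of any remote stylesheet fetch:
# refuse to proceed with a client whose TLS verification has been turned off.
def assert_verifying!(http)
  raise SecurityError, 'TLS certificate verification is disabled' unless verifies_peer?(http)
  http
end

if __FILE__ == $PROGRAM_NAME
  uri = URI('https://example.com/style.css') # constructed sample URL
  puts "insecure client verifies peer? #{verifies_peer?(insecure_client(uri))}"
  puts "hardened client verifies peer? #{verifies_peer?(hardened_client(uri))}"
end
```

The patched gem versions listed above carry the real fix; the guard here is useful when auditing application code that builds its own `Net::HTTP` objects, since `VERIFY_NONE` leaves `use_ssl?` true and the request still succeeds, so nothing else in the flow will flag it.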