CVE-2024-34341 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-34341 at MITRE

Description

Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having not set severity.

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

openSUSE-SU-2025:15111-1, published Sun May 18 18:50:31 2025
openSUSE-SU-2025:15124-1, published Sun May 18 18:50:31 2025

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`ruby3.3-rubygem-actiontext-7.0 >= 7.0.8.4-1.1` `ruby3.3-rubygem-rails-7.0 >= 7.0.8.4-1.1` `ruby3.4-rubygem-actiontext-7.0 >= 7.0.8.6-1.3` `ruby3.4-rubygem-rails-7.0 >= 7.0.8.6-1.3`	Patchnames: openSUSE-Tumbleweed-2024-14068 openSUSE-Tumbleweed-2024-14074 openSUSE-Tumbleweed-2025-15111 openSUSE-Tumbleweed-2025-15124

SUSE Timeline for this CVE

CVE page created: Tue May 7 20:00:07 2024
CVE page last modified: Sun May 18 20:02:01 2025