Vulnerability Database
289,784
Total vulnerabilities in the database
CVE-2023-28120
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
| Software | From | Fixed in |
|---|---|---|
activesupport
|
7.0.0 | 7.0.4.3 |
|
activesupport
|
- | 6.1.7.3 |
- https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
- https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/
- https://security.netapp.com/advisory/ntap-20240202-0006/
- https://www.debian.org/security/2023/dsa-5389