CVE-2023-28120

Опубликовано: 09 янв. 2025

Источник: debian

EPSS Низкий

Описание

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

Пакет	Статус	Версия исправления	Релиз	Тип
rails	fixed	2:6.1.7.3+dfsg-1		package

https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 (v6.1.7.3)
https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469

EPSS

Процентиль: 32%

0.00125

Низкий

CVE-2023-28120

CVSS3: 5.3

ubuntu

около 1 года назад

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

CVE-2023-28120

CVSS3: 6.1

redhat

почти 3 года назад

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

CVE-2023-28120

CVSS3: 5.3

nvd

около 1 года назад

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

GHSA-pj73-v5mw-pm9j

CVSS3: 5.3

github

почти 3 года назад

Possible XSS Security Vulnerability in SafeBuffer#bytesplice

SUSE-SU-2023:2304-1

suse-cvrf

больше 2 лет назад

Security update for rmt-server

EPSS

Процентиль: 32%

0.00125

Низкий