Description
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
A cross-site scripting vulnerability was found in the rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed.
Mitigation
Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.
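The mechanism behind the mitigation above, as an added toy model that is not ActiveSupport's own code: a String subclass carrying an html_safe flag escapes input on the mutators it knows about, but String#bytesplice is inherited untouched, so raw user input lands in the buffer while the flag still says "safe". It assumes Ruby 3.2 or newer (String#bytesplice and String#byteindex) and constructs its own sample input.

```ruby
# Added example (not ActiveSupport's own code): a toy model of an html_safe
# buffer, showing why splicing raw user input into it defeats escaping.
# Assumes Ruby >= 3.2 (String#bytesplice, String#byteindex).
require "erb"

class ToySafeBuffer < String
  def initialize(str = "")
    super
    @html_safe = true
  end

  # The flag a view layer consults to decide whether to escape on output.
  def html_safe?
    @html_safe
  end

  # A mutator the buffer knows about: untrusted input is escaped on the way in.
  def concat(other)
    safe = other.respond_to?(:html_safe?) && other.html_safe?
    super(safe ? other : ERB::Util.html_escape(other))
  end
  alias_method :<<, :concat

  # No bytesplice override: String#bytesplice writes raw bytes into the buffer
  # and the html_safe flag stays true, so nothing escapes the input later.
end

# Vulnerable pattern: attacker-controlled text spliced into an html_safe buffer.
def render_unsafe(template, user_input)
  buf = ToySafeBuffer.new(template)
  at = buf.byteindex("{{}}")
  buf.bytesplice(at, 4, user_input)
  buf
end

# Mitigated pattern: escape before the splice, so the flag stays truthful.
def render_escaped(template, user_input)
  buf = ToySafeBuffer.new(template)
  at = buf.byteindex("{{}}")
  buf.bytesplice(at, 4, ERB::Util.html_escape(user_input))
  buf
end

if __FILE__ == $0
  input = "<b>x</b>"                        # constructed sample input
  puts render_unsafe("<p>{{}}</p>", input)  # <p><b>x</b></p>, still html_safe?
  puts render_escaped("<p>{{}}</p>", input) # <p>&lt;b&gt;x&lt;/b&gt;</p>
end
```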
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Affected | | |
| Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | | |
| Red Hat 3scale API Management Platform 2 | 3scale-toolbox-container | Will not fix | | |
| Red Hat OpenShift Container Platform 3.11 | rubygem-activesupport | Out of support scope | | |
| Red Hat Satellite 6 | candlepin | Not affected | | |
| Red Hat Satellite 6 | rubygem-activesupport | Not affected | | |
| Red Hat Satellite 6 | rubygem-deep_cloneable | Not affected | | |
| RHOL-5.6-RHEL-8 | openshift-logging/fluentd-rhel8 | Fixed | RHSA-2023:1953 | 26.04.2023 |
| RHOL-5.7-RHEL-8 | openshift-logging/fluentd-rhel8 | Fixed | RHSA-2023:3495 | 12.06.2023 |
Additional information
Status:
CVSS3: 6.1 Medium
Related vulnerabilities
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
Possible XSS Security Vulnerability in SafeBuffer#bytesplice