CVE-2022-23633 Exposure of sensitive information in Action Pack

2022-02-1100:00:00

CWE-200

GitHub_M

www.cve.org

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

CNA Affected

[
  {
    "vendor": "rails",
    "product": "rails",
    "versions": [
      {
        "version": ">= 7.0.0.0, < 7.0.2.1",
        "status": "affected"
      },
      {
        "version": ">= 6.1.0.0, < 6.1.4.5",
        "status": "affected"
      },
      {
        "version": ">= 6.0.0.0, < 6.0.4.5",
        "status": "affected"
      },
      {
        "version": ">= 5.0.0, < 5.2.6.1",
        "status": "affected"
      }
    ]
  }
]