Lucene search
K

Debian dla-4383 : rails - security update

🗓️ 25 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 6 Views

Rails on Debian 11 has multiple vulnerabilities addressed by the DLA-4383 advisory.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4383. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(276881);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/25");

  script_cve_id(
    "CVE-2022-44566",
    "CVE-2023-28362",
    "CVE-2023-38037",
    "CVE-2024-41128",
    "CVE-2024-47887",
    "CVE-2024-47888",
    "CVE-2024-47889",
    "CVE-2024-54133"
  );

  script_name(english:"Debian dla-4383 : rails - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4383 advisory.

    - -------------------------------------------------------------------------
    Debian LTS Advisory DLA-4383-1                [email protected]
    https://www.debian.org/lts/security/                   Bastien Roucaris
    November 25, 2025                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : rails
    Version        : 2:6.0.3.7+dfsg-2+deb11u3
    CVE ID         : CVE-2022-44566 CVE-2023-28362 CVE-2023-38037 CVE-2024-41128
                     CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVE-2024-54133
    Debian Bug     : 1030050 1051057 1051058 1085376 1089755

    rails a popular server side application framework was affected by multiple
    vulnerabilities.

    CVE-2022-44566

        Given a value outside the range for a 64bit signed integer type
        PostgreSQL will treat the column type as numeric. Comparing
        integer values against numeric values can result in a slow
        sequential scan.
        This behavior is configurable via
        ActiveRecord::Base.raise_int_wider_than_64bit which
        defaults to true.

    CVE-2023-28362

        The redirect_to method in Rails allows provided values
        to contain characters which are not legal in an HTTP header
        value. This results in the potential for downstream services
        which enforce RFC compliance on HTTP response headers to remove
        the assigned Location header.

    CVE-2023-38037

        ActiveSupport::EncryptedFile writes contents that will be
        encrypted to a temporary file. The temporary file's permissions
        are defaulted to the user's current `umask` settings, meaning
        that it's possible for other users on the same system to read
        the contents of the temporary file. Attackers that have access
        to the file system could possibly read the contents of this
        temporary file while a user is editing it

    CVE-2024-41128

        Action Pack is a framework for handling and responding
        to web requests. There is a possible ReDoS vulnerability in
        the query parameter filtering routines of Action Dispatch.
        Carefully crafted query parameters can cause query parameter
        filtering to take an unexpected amount of time, possibly
        resulting in a DoS vulnerability.

    CVE-2024-47887

        Action Pack is a framework for handling and responding
        to web requests. There is a possible ReDoS vulnerability in
        Action Controller's HTTP Token authentication.
        For applications using HTTP Token authentication via
        `authenticate_or_request_with_http_token` or similar,
        a carefully crafted header may cause header parsing
        to take an unexpected amount of time, possibly resulting
        in a DoS vulnerability

    CVE-2024-47888

        Action Text brings rich text content and editing to Rails.
        There is a possible ReDoS vulnerability in the
        `plain_text_for_blockquote_node helper` in Action Text.
        Carefully crafted text can cause the `plain_text_for_blockquote_node`
        helper to take an unexpected amount of time,
        possibly resulting in a DoS vulnerability.

    CVE-2024-47889

        Action Mailer is a framework for designing email service layers.
        There is a possible ReDoS vulnerability in the block_format helper
        in Action Mailer. Carefully crafted text can cause the block_format
        helper to take an unexpected amount of time, possibly
        resulting in a DoS vulnerability.

    CVE-2024-54133

        Action Pack is a framework for handling and responding
        to web requests. There is a possible Cross Site Scripting (XSS)
        vulnerability in the `content_security_policy` helper.
        Applications which set Content-Security-Policy (CSP) headers dynamically
        from untrusted user input may be vulnerable to carefully crafted
        inputs being able to inject new directives into the CSP.
        This could lead to a bypass of the CSP and its protection
        against XSS and other attacks

    For Debian 11 bullseye, these problems have been fixed in version
    2:6.0.3.7+dfsg-2+deb11u3.

    We recommend that you upgrade your rails packages.

    For the detailed security status of rails please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/rails

    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/rails");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-44566");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-28362");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38037");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-41128");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-47887");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-47888");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-47889");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-54133");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/rails");
  script_set_attribute(attribute:"solution", value:
"Upgrade the rails packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-44566");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2024-47889");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rails");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actioncable");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actionmailbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actionmailer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actionpack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actiontext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actionview");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activejob");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activemodel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activerecord");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activestorage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activesupport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-rails");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-railties");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'rails', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-actioncable', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-actionmailbox', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-actionmailer', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-actionpack', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-actiontext', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-actionview', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-activejob', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-activemodel', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-activerecord', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-activestorage', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-activesupport', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-rails', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
    {'release': '11.0', 'prefix': 'ruby-railties', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rails / ruby-actioncable / ruby-actionmailbox / ruby-actionmailer / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Nov 2025 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 3.17.5
CVSS 35.5
CVSS 48.7
EPSS0.01265
SSVC
6