| Source | Link |
|---|---|
| security-tracker | www.security-tracker.debian.org/tracker/source-package/rails |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2022-44566 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2023-28362 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2023-38037 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-41128 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-47887 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-47888 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-47889 |
| security-tracker | www.security-tracker.debian.org/tracker/CVE-2024-54133 |
| packages | www.packages.debian.org/source/bullseye/rails |
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4383. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(276881);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/25");
script_cve_id(
"CVE-2022-44566",
"CVE-2023-28362",
"CVE-2023-38037",
"CVE-2024-41128",
"CVE-2024-47887",
"CVE-2024-47888",
"CVE-2024-47889",
"CVE-2024-54133"
);
script_name(english:"Debian dla-4383 : rails - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4383 advisory.
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4383-1 [email protected]
https://www.debian.org/lts/security/ Bastien Roucaris
November 25, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : rails
Version : 2:6.0.3.7+dfsg-2+deb11u3
CVE ID : CVE-2022-44566 CVE-2023-28362 CVE-2023-38037 CVE-2024-41128
CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVE-2024-54133
Debian Bug : 1030050 1051057 1051058 1085376 1089755
rails a popular server side application framework was affected by multiple
vulnerabilities.
CVE-2022-44566
Given a value outside the range for a 64bit signed integer type
PostgreSQL will treat the column type as numeric. Comparing
integer values against numeric values can result in a slow
sequential scan.
This behavior is configurable via
ActiveRecord::Base.raise_int_wider_than_64bit which
defaults to true.
CVE-2023-28362
The redirect_to method in Rails allows provided values
to contain characters which are not legal in an HTTP header
value. This results in the potential for downstream services
which enforce RFC compliance on HTTP response headers to remove
the assigned Location header.
CVE-2023-38037
ActiveSupport::EncryptedFile writes contents that will be
encrypted to a temporary file. The temporary file's permissions
are defaulted to the user's current `umask` settings, meaning
that it's possible for other users on the same system to read
the contents of the temporary file. Attackers that have access
to the file system could possibly read the contents of this
temporary file while a user is editing it
CVE-2024-41128
Action Pack is a framework for handling and responding
to web requests. There is a possible ReDoS vulnerability in
the query parameter filtering routines of Action Dispatch.
Carefully crafted query parameters can cause query parameter
filtering to take an unexpected amount of time, possibly
resulting in a DoS vulnerability.
CVE-2024-47887
Action Pack is a framework for handling and responding
to web requests. There is a possible ReDoS vulnerability in
Action Controller's HTTP Token authentication.
For applications using HTTP Token authentication via
`authenticate_or_request_with_http_token` or similar,
a carefully crafted header may cause header parsing
to take an unexpected amount of time, possibly resulting
in a DoS vulnerability
CVE-2024-47888
Action Text brings rich text content and editing to Rails.
There is a possible ReDoS vulnerability in the
`plain_text_for_blockquote_node helper` in Action Text.
Carefully crafted text can cause the `plain_text_for_blockquote_node`
helper to take an unexpected amount of time,
possibly resulting in a DoS vulnerability.
CVE-2024-47889
Action Mailer is a framework for designing email service layers.
There is a possible ReDoS vulnerability in the block_format helper
in Action Mailer. Carefully crafted text can cause the block_format
helper to take an unexpected amount of time, possibly
resulting in a DoS vulnerability.
CVE-2024-54133
Action Pack is a framework for handling and responding
to web requests. There is a possible Cross Site Scripting (XSS)
vulnerability in the `content_security_policy` helper.
Applications which set Content-Security-Policy (CSP) headers dynamically
from untrusted user input may be vulnerable to carefully crafted
inputs being able to inject new directives into the CSP.
This could lead to a bypass of the CSP and its protection
against XSS and other attacks
For Debian 11 bullseye, these problems have been fixed in version
2:6.0.3.7+dfsg-2+deb11u3.
We recommend that you upgrade your rails packages.
For the detailed security status of rails please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rails
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/rails");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-44566");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-28362");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-38037");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-41128");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-47887");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-47888");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-47889");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-54133");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/rails");
script_set_attribute(attribute:"solution", value:
"Upgrade the rails packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-44566");
script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2024-47889");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2025/11/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rails");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actioncable");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actionmailbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actionmailer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actionpack");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actiontext");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-actionview");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activejob");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activemodel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activerecord");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activestorage");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-activesupport");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-rails");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-railties");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '11.0', 'prefix': 'rails', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-actioncable', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-actionmailbox', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-actionmailer', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-actionpack', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-actiontext', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-actionview', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-activejob', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-activemodel', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-activerecord', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-activestorage', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-activesupport', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-rails', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'},
{'release': '11.0', 'prefix': 'ruby-railties', 'reference': '2:6.0.3.7+dfsg-2+deb11u3'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rails / ruby-actioncable / ruby-actionmailbox / ruby-actionmailer / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation