Lucene search
+L

44 matches found

snyk
snyk
added 2026/03/24 12:32 a.m.4 views

Cross-site Scripting (XSS)

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the @htmlunsafe flag used by the SafeBuffer% function. An attacker can inject scripts by providing...

6.1CVSS5.8AI score0.00327EPSS
Exploits0References2
osv
osv
added 2026/03/24 12:16 a.m.8 views

DEBIAN-CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

6.1CVSS5.3AI score0.00327EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/23 11:9 p.m.2 views

CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References7
cvelist
cvelist
added 2026/03/23 11:9 p.m.30 views

CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

5.3CVSS0.00327EPSS
Exploits0References7
debiancve
debiancve
added 2026/03/23 11:9 p.m.11 views

CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

6.1CVSS5.3AI score0.00327EPSS
Exploits0
cve
cve
added 2026/03/23 11:9 p.m.23 views

CVE-2026-33170

CVE-2026-33170 concerns Active Support (Rails core extensions) where SafeBuffer#% fails to propagate the @html_unsafe flag to a newly created buffer. This can cause in-place mutations (e.g., gsub!) followed by formatting with % using untrusted input to produce a result where html_safe? remains tr...

6.1CVSS5.8AI score0.00327EPSS
Exploits0References7Affected Software1
osv
osv
added 2026/03/23 11:9 p.m.5 views

CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References9
euvd
euvd
added 2026/03/23 8:53 p.m.4 views

EUVD-2026-14624

Rails Active Support has a possible XSS vulnerability in SafeBuffer%...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References7
osv
osv
added 2026/03/23 8:53 p.m.15 views

GHSA-89VF-4333-QX8V Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Impact SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and then formatted with % using untrusted arguments, the result incorrectly reports htmlsafe? == true, bypassing ERB auto-escaping and possibly leading to XSS...

5.3CVSS6.6AI score0.00327EPSS
Exploits0References10
euvd
euvd
added 2025/10/07 12:30 a.m.10 views

EUVD-2017-0294

Malware in sbrugna...

4.3CVSS6AI score0.02137EPSS
Exploits0References9
nessus
nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. CVE-2023-28120 Note that Nessus reli...

5.3CVSS6.5AI score0.00923EPSS
Exploits0References2
nvd
nvd
added 2025/01/09 1:15 a.m.15 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

5.3CVSS0.00923EPSS
Exploits0References6
osv
osv
added 2025/01/09 1:15 a.m.3 views

DEBIAN-CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

5.3CVSS5.9AI score0.00923EPSS
Exploits0References1
osv
osv
added 2025/01/09 1:15 a.m.4 views

UBUNTU-CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

5.3CVSS6.6AI score0.00923EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/01/09 12:33 a.m.13 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

7.1AI score0.00923EPSS
Exploits0References6
cvelist
cvelist
added 2025/01/09 12:33 a.m.72 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

0.00923EPSS
Exploits0References6
osv
osv
added 2025/01/09 12:33 a.m.14 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

5.3CVSS6.6AI score0.00923EPSS
Exploits0References8
osv
osv
added 2024/07/05 11:8 a.m.3 views

OESA-2024-1797 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

5.3CVSS7AI score0.00923EPSS
Exploits0References2
osv
osv
added 2024/07/05 11:8 a.m.3 views

OESA-2024-1800 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

5.3CVSS7AI score0.00923EPSS
Exploits0References2
osv
osv
added 2024/07/05 11:8 a.m.2 views

OESA-2024-1799 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

5.3CVSS7AI score0.00923EPSS
Exploits0References2
Rows per page
Query Builder