12 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-28120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. CVE-2023-28120 Note that Nessus reli...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00406
Exploits: 0, References: 2

OSV
added 2025/01/09 1:15 a.m., 1 view

DEBIAN-CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00406
Exploits: 0, References: 1

OSV
added 2025/01/09 1:15 a.m., 0 views

UBUNTU-CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00406
Exploits: 0, References: 4

OSV
added 2024/07/05 11:8 a.m., 1 view

OESA-2024-1800 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

CVSS: 5.3, AI score: 7, EPSS: 0.00406
Exploits: 0, References: 2

OSV
added 2024/07/05 11:8 a.m., 1 view

OESA-2024-1797 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

CVSS: 5.3, AI score: 7, EPSS: 0.00406
Exploits: 0, References: 2

OSV
added 2024/07/05 11:8 a.m., 0 views

OESA-2024-1799 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

CVSS: 5.3, AI score: 7, EPSS: 0.00406
Exploits: 0, References: 2

Tenable Nessus
added 2023/05/25 12:0 a.m., 28 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2280-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2280-1 advisory. - A DoS vulnerability exists in Rack v3.0.4.2, v2.2.6.3, v2.1.4.3 and v2.0.9.3 within the Multipart MIME parsing code in which...

CVSS: 7.5, AI score: 6.6, EPSS: 0.01982
Exploits: 0, References: 13

RedHat Linux
added 2023/04/26 7:58 a.m., 42 views

Moderate: Red Hat Security Advisory: Logging Subsystem 5.6.5 - Red Hat OpenShift security update

Logging Subsystem 5.6.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00406
Exploits: 0, References: 9

Tenable Nessus
added 2023/04/05 12:0 a.m., 26 views

Fedora 37 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-7002afbbb8)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-7002afbbb8 advisory. Update to Ruby on Rails 7.0.4.3. https://rubyonrails.org/2023/3/13/Rails-7-0-4-3-and-6-1-7-3-have-been-released Tenable has extracted the preceding...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00406
Exploits: 0, References: 2

SUSE CVE
added 2023/03/21 3:13 a.m., 1 view

SUSE CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVSS: 4.2, AI score: 6.9, EPSS: 0.00406
Exploits: 0, References: 8

Snyk
added 2023/03/15 10:6 a.m., 1 view

Cross-site Scripting (XSS)

Overview: activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when using the SafeBuffer#bytesplice function, the output of which is not treated as mutated and...

CVSS: 6.1, AI score: 5, EPSS: 0.00406
Exploits: 0, References: 2

RubySec
added 2023/03/13 12:0 a.m., 29 views

Possible XSS Security Vulnerability in SafeBuffer#bytesplice

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None. Fixed Versions: 7.0.4.3, 6.1.7.3. Impact: ActiveSupport uses...

CVSS: 5.3, AI score: 3.4, EPSS: 0.00406
Exploits: 0, References: 1, Affected Software: 1