VDB
DEBIAN-CVE-2023-28120
DEBIAN-CVE-2023-28120
PUBLISHED
CVSS 5.300000190734863 MEDIUM
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | rails | 0, 0, 0 |
| Debian:14 | rails | 0, 0, 0 |
| Debian:13 | rails | 0, 0, 0 |
| Debian:11 | rails | 2:6.0.3.7+dfsg-2+deb11u1, 0, 6.0.3.7+dfsg |
Exploit Intelligence
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
…and 1 more exploits
Timeline
- Jan 9, 2025 CVE Published
- Apr 28, 2026 CVE Updated