Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-5389-1:85B87
HistoryApr 14, 2023 - 4:39 p.m.

[SECURITY] [DSA 5389-1] rails security update

2023-04-1416:39:00
lists.debian.org
13
cve-2023-28120
xss
rails
debian
bullseye distribution
cve-2023-23913
regression
dom
security update

8.4 High

AI Score

Confidence

High

JSON

Debian Security Advisory DSA-5389-1 [email protected]
https://www.debian.org/security/ Aron Xu
April 14, 2023 https://www.debian.org/security/faq

Package : rails
CVE ID : CVE-2023-23913 CVE-2023-28120
Debian Bug : 1033262 1033263

Brief introduction

Two vulnerabilities were discovered in rails, the Ruby based server-side
MVC web application framework, which could lead to XSS and DOM based
cross-site scripting (CRS).

This update also fixes a regression introduced in previous update that
may block certain access for apps using development environment.

For the stable distribution (bullseye), these problems have been fixed in
version 2:6.0.3.7+dfsg-2+deb11u2.

We recommend that you upgrade your rails packages.

For the detailed security status of rails please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rails

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11allruby-activemodel< 2:6.0.3.7+dfsg-2+deb11u2ruby-activemodel_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allrails< 2:6.0.3.7+dfsg-2+deb11u2rails_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allruby-actionpack< 2:6.0.3.7+dfsg-2+deb11u2ruby-actionpack_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allruby-actionmailer< 2:6.0.3.7+dfsg-2+deb11u2ruby-actionmailer_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allruby-rails< 2:6.0.3.7+dfsg-2+deb11u2ruby-rails_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allruby-actionview< 2:6.0.3.7+dfsg-2+deb11u2ruby-actionview_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allruby-activejob< 2:6.0.3.7+dfsg-2+deb11u2ruby-activejob_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allruby-activestorage< 2:6.0.3.7+dfsg-2+deb11u2ruby-activestorage_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allruby-activesupport< 2:6.0.3.7+dfsg-2+deb11u2ruby-activesupport_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Debian11allruby-actionmailbox< 2:6.0.3.7+dfsg-2+deb11u2ruby-actionmailbox_2:6.0.3.7+dfsg-2+deb11u2_all.deb
Rows per page:
1-10 of 141

Related

osv 3
nessus 9
openvas 31
github 2
cve 2
hackerone 1
debiancve 2
fedora 26
redhatcve 2
veracode 2
alpinelinux 1
ubuntucve 2
gitlab 2
rubygems 2
redhat 2
ibm 1
osv
osv
rails - security update
2023-04-14 00:00:00
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
2023-06-09 22:41:16
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
2023-03-15 21:36:01
nessus
nessus
Debian DSA-5389-1 : rails - security update
2023-04-15 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:3813-1)
2023-09-28 00:00:00
Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-d6157bb1e2)
2023-04-02 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5389-1)
2023-04-17 00:00:00
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3813-1)
2024-03-04 00:00:00
Fedora: Security Advisory for rubygem-actiontext (FEDORA-2023-7002afbbb8)
2023-04-06 00:00:00
github
github
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
2023-06-09 22:41:16
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
2023-03-15 21:36:01
cve
cve
CVE-2023-23913
2023-04-08 00:37:48
CVE-2023-28120
2023-03-15 02:20:21
hackerone
hackerone
Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
2023-08-28 06:25:02
debiancve
debiancve
CVE-2023-23913
2023-04-08 00:37:48
CVE-2023-28120
2023-03-15 02:20:21
fedora
fedora
[SECURITY] Fedora 37 Update: rubygem-actionmailbox-7.0.4.3-1.fc37
2023-04-05 01:36:45
[SECURITY] Fedora 37 Update: rubygem-actiontext-7.0.4.3-1.fc37
2023-04-05 01:36:45
[SECURITY] Fedora 38 Update: rubygem-activestorage-7.0.4.3-1.fc38
2023-04-01 00:17:48
redhatcve
redhatcve
CVE-2023-28120
2023-03-19 14:12:56
CVE-2023-23913
2023-03-27 18:13:07
veracode
veracode
Cross-site Scripting (XSS)
2023-03-17 02:41:43
Cross-Site Scripting (XSS)
2023-04-02 13:20:04
alpinelinux
alpinelinux
CVE-2023-28120
2023-03-15 02:20:21
ubuntucve
ubuntucve
CVE-2023-28120
2023-03-22 00:00:00
CVE-2023-23913
2023-03-22 00:00:00
gitlab
gitlab
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
2023-03-15 00:00:00
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
2023-06-09 00:00:00
rubygems
rubygems
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
2023-03-12 21:00:00
DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
2023-03-12 21:00:00
redhat
redhat
(RHSA-2023:1953) Moderate: Logging Subsystem 5.6.5 - Red Hat OpenShift security update
2023-04-26 07:56:43
(RHSA-2023:3495) Moderate: Logging Subsystem 5.7.2 - Red Hat OpenShift security update
2023-06-12 19:06:47
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-04-26 15:33:20

8.4 High

AI Score

Confidence

High

JSON
Related for DEBIAN:DSA-5389-1:85B87
osv3nessus9openvas31github2cve2hackerone1debiancve2fedora26redhatcve2veracode2alpinelinux1ubuntucve2gitlab2rubygems2redhat2ibm1