actionpack is vulnerable to information disclosure. The vulnerability exists in ActionDispatch::Executor, which does not properly reset the thread's state for the next request because the library does not properly close the response body. This allows an attacker to gain access to sensitive data in subsequent requests.
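The failure mode described above, as an added Ruby example that is not Rails code or part of the original advisory: per-thread state is cleaned up only when the response body is closed, so a skipped close leaves it visible to the next request on the same thread. BodyProxy, CleanupOnClose, APP, serve, leak_demo and the :current_user key are hypothetical names, and the reset at request entry is a defensive pattern assumed for this example.

```ruby
# Constructed wrapper (not Rails code): runs a callback when the body is closed.
class BodyProxy
  def initialize(body, &on_close)
    @body, @on_close = body, on_close
  end
  def each(&blk)
    @body.each(&blk)
  end
  def close
    @body.close if @body.respond_to?(:close)
  ensure
    @on_close.call
  end
end

# Hypothetical middleware: clears Thread.current[:current_user] when the body is closed.
class CleanupOnClose
  def initialize(app, reset_on_entry: false)
    @app, @reset_on_entry = app, reset_on_entry
  end

  def call(env)
    # Hardened mode: discard whatever an unclosed earlier response left on this thread.
    Thread.current[:current_user] = nil if @reset_on_entry
    status, headers, body = @app.call(env)
    [status, headers, BodyProxy.new(body) { Thread.current[:current_user] = nil }]
  end
end

# Constructed app: stores the user only when the request carries one, then reads it back.
APP = lambda do |env|
  Thread.current[:current_user] = env["user"] if env["user"]
  [200, {}, ["seen=#{Thread.current[:current_user].inspect}"]]
end

# Simulated server; close_body: false models a server or middleware that skips body.close.
def serve(stack, env, close_body:)
  _status, _headers, body = stack.call(env)
  out = +""
  body.each { |chunk| out << chunk }
  body.close if close_body
  out
end

# Two requests on one thread: the first body is never closed, the second has no user.
def leak_demo(reset_on_entry:)
  Thread.current[:current_user] = nil
  stack = CleanupOnClose.new(APP, reset_on_entry: reset_on_entry)
  serve(stack, { "user" => "alice" }, close_body: false)
  serve(stack, {}, close_body: true)
end
```
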
www.openwall.com/lists/oss-security/2022/02/11/5
github.com/rails/rails/commit/1b5aadc0182adcb4dc10b42de88a1ad3e870abe7
github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1
github.com/rails/rails/commit/d1267768e9f57ebcf86ff7f011aca7fb08e733eb
github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833
github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
lists.debian.org/debian-lts-announce/2022/09/msg00002.html
www.debian.org/security/2023/dsa-5372