CVSS v3 score: 5.9

CVE-2022-23633

Published: 11/02/2022 Updated: 19/01/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread-local state for the next request. This can lead to data from one request being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem the middleware described in GHSA-wh98-p28r-vrc9 can be used.

Vulnerable Products

rubyonrails rails

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Synopsis: Moderate: Satellite 6.11 Release. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Satellite 6.11. Description: Red Hat Satellite is a systems management tool for Linux-based in ...

Debian Bug report logs - #1005391 puma: CVE-2022-23634. Package: src:puma; Maintainer for src:puma is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Sat, 12 Feb 2022 18:54:04 UTC. Severity: important. Tags: security, upstream. Found in ...

Debian Bug report logs - #1005389 rails: CVE-2022-23633. Package: src:rails; Maintainer for src:rails is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Sat, 12 Feb 2022 18:51:04 UTC. Severity: important. Tags: security, upstream. Found ...

Multiple vulnerabilities were discovered in rails, the Ruby-based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect. For the stable distribution (bullseye), these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u1. We recommend that you upgrade your rails packages. For the detailed sec ...