PT-2023-21578 · Ruby · Active Support

Akira Matsuda

Published 2023-03-15 · Updated 2025-05-17

CVE-2023-28120

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ActiveSupport versions prior to 7.0.4.3
ActiveSupport versions prior to 6.1.7.3

Description
ActiveSupport::SafeBuffer tracks whether a string has been marked html safe and clears that mark whenever a mutating String method is called on it. Ruby 3.2 introduced the String#bytesplice method, which ActiveSupport did not recognize as a mutation. A SafeBuffer that had untrusted user input spliced into it with bytesplice therefore kept its html safe mark, and the tainted content could be emitted without escaping. Users on older versions of Ruby, which lack bytesplice, are likely unaffected.

Recommendations
For versions prior to 7.0.4.3, upgrade to version 7.0.4.3 or later. For versions prior to 6.1.7.3, upgrade to version 6.1.7.3 or later. As a temporary workaround, avoid calling bytesplice on a SafeBuffer (html safe) string with untrusted user input.
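The following example, added here and not taken from ActiveSupport or the advisory, models the defect with a minimal SafeBuffer-like class so it runs offline without the gem. The helper `build_safe_buffer`, the class names `VulnerableSafeBuffer` and `PatchedSafeBuffer`, the method lists, and the `splice_untrusted` and `render` helpers are all constructed for illustration; the real ActiveSupport intercept list is longer and differs in detail. The pre-fix model omits `bytesplice` from the intercepted methods, the fixed model includes it, and the constructed payload is spliced into each to show why only the patched version loses its html safe mark.

```ruby
require "erb"

# Shim so the example also runs on Ruby < 3.2, which has no String#bytesplice.
# It bypasses any subclass override of #replace so the toy buffers below see
# only the bytesplice call itself, as the real C implementation behaves.
unless String.method_defined?(:bytesplice)
  class String
    def bytesplice(index, length, str)
      head = byteslice(0, index)
      tail = byteslice(index + length, bytesize - index - length) || ""
      String.instance_method(:replace).bind_call(self, head + str + tail)
    end
  end
end

# Builds a minimal model of ActiveSupport::SafeBuffer: a String that remembers
# whether it is html safe and drops that mark when a listed mutating method runs.
# Constructed for this example; it is not ActiveSupport's implementation.
def build_safe_buffer(unsafe_methods)
  Class.new(String) do
    def initialize(str = "")
      super
      @html_safe = true
    end

    def html_safe?
      @html_safe == true
    end

    unsafe_methods.each do |name|
      define_method(name) do |*args, &block|
        result = super(*args, &block)
        @html_safe = false # the buffer now holds bytes of unknown provenance
        result
      end
    end
  end
end

# Mutating methods the model intercepts. The pre-fix list lacks bytesplice,
# mirroring the gap the advisory describes; the fixed list adds it.
PRE_FIX_UNSAFE_METHODS = %w[concat << insert prepend replace slice! sub! gsub!].freeze
FIXED_UNSAFE_METHODS   = (PRE_FIX_UNSAFE_METHODS + %w[bytesplice]).freeze

VulnerableSafeBuffer = build_safe_buffer(PRE_FIX_UNSAFE_METHODS)
PatchedSafeBuffer    = build_safe_buffer(FIXED_UNSAFE_METHODS)

# A template helper that splices attacker-controlled bytes over the word
# "hello" inside an html safe buffer (byte index 3, length 5).
def splice_untrusted(buffer_class, untrusted)
  buf = buffer_class.new("<p>hello</p>")
  buf.bytesplice(3, 5, untrusted)
  buf
end

# What a view layer does with the result: trust the mark, otherwise escape.
def render(buf)
  buf.html_safe? ? buf.to_s : ERB::Util.html_escape(buf)
end

if $PROGRAM_NAME == __FILE__
  payload = "<script>alert(1)</script>" # constructed attacker input
  { "pre-fix" => VulnerableSafeBuffer, "fixed" => PatchedSafeBuffer }.each do |label, klass|
    buf = splice_untrusted(klass, payload)
    puts "#{label}: html_safe?=#{buf.html_safe?} -> #{render(buf)}"
  end
end
```

With the pre-fix model the spliced script tag is rendered verbatim because the buffer still answers `html_safe?` with true; with the fixed model the same call clears the mark and the output is escaped. The workaround in the advisory amounts to never reaching `bytesplice` with untrusted input on a buffer that is already marked safe.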

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2023-28120
DSA-5389-1
GHSA-PJ73-V5MW-PM9J
OESA-2024-1797
OESA-2024-1798
OESA-2024-1799
OESA-2024-1800
OPENSUSE-SU-2024:12804-1
OPENSUSE-SU-2024:12886-1
OPENSUSE-SU-2024:14071-1
OPENSUSE-SU-2025:15114-1
SUSE-SU-2023:2280-1
SUSE-SU-2023:2294-1
SUSE-SU-2023:2295-1
SUSE-SU-2023:2304-1
SUSE-SU-2023:2781-1

Affected products

Active Support
Suse