PT-2023-21578 · Ruby · Active Support

Akira Matsuda · Published 2023-03-15 · Updated 2025-05-17 · CVE-2023-28120

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

ActiveSupport versions prior to 7.0.4.3
ActiveSupport versions prior to 6.1.7.3
Description

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. The issue arises because Ruby 3.2 introduced the bytesplice method, which ActiveSupport did not recognize as a mutation, so a tainted string could remain marked as html_safe. Users on older versions of Ruby are likely unaffected.
Recommendations

For versions prior to 7.0.4.3, upgrade to version 7.0.4.3 or later. For versions prior to 6.1.7.3, upgrade to version 6.1.7.3 or later. As a temporary workaround, avoid calling the bytesplice method on an html_safe SafeBuffer string with untrusted user input.
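To make the mechanism concrete, here is an added example (constructed for this page, not ActiveSupport's own code): a minimal SafeBuffer stand-in whose known mutators escape spliced-in values, a pre-fix and a patched variant, and a regression check a maintainer can run to confirm that a given mutator cannot leave raw markup inside an html_safe buffer. Class names, the check function and the sample payload are hypothetical.

```ruby
require "cgi"

# Minimal stand-in for a SafeBuffer: a String marked html_safe that HTML-escapes
# values spliced into it by the mutating methods it knows about. Constructed for
# illustration (hypothetical class names); not ActiveSupport's own code.
class MiniSafeBuffer < String
  def html_safe?
    true
  end

  # Known value-taking mutator: escape the inserted value unless it is safe.
  def insert(index, value)
    super(index, MiniSafeBuffer.escape_unless_safe(value))
  end

  def self.escape_unless_safe(value)
    return value if value.respond_to?(:html_safe?) && value.html_safe?
    CGI.escapeHTML(value.to_s)
  end
end

# Pre-fix shape: bytesplice (new in Ruby 3.2) is not overridden, so String's
# implementation runs, the value is never escaped, and html_safe? stays true.
class LegacySafeBuffer < MiniSafeBuffer; end

# Patched shape: bytesplice escapes its value argument like the other mutators.
class PatchedSafeBuffer < MiniSafeBuffer
  def bytesplice(*index, value)
    super(*index, MiniSafeBuffer.escape_unless_safe(value))
  end
end

# Regression check: splice an untrusted value into an html_safe buffer through
# +method+ and report whether raw markup survived in a buffer that still claims
# to be html_safe. true means vulnerable; nil means the method does not exist
# on this Ruby (bytesplice before 3.2).
def raw_markup_survives?(klass, method, *index_args, payload: "<script>x</script>")
  return nil unless String.method_defined?(method)
  buf = klass.new("<b>safe</b>")
  buf.public_send(method, *index_args, payload)
  buf.html_safe? && buf.include?(payload)
end

if __FILE__ == $PROGRAM_NAME
  puts "legacy bytesplice vulnerable:  #{raw_markup_survives?(LegacySafeBuffer, :bytesplice, 0, 0).inspect}"
  puts "patched bytesplice vulnerable: #{raw_markup_survives?(PatchedSafeBuffer, :bytesplice, 0, 0).inspect}"
end
```

The same check can be pointed at the real ActiveSupport::SafeBuffer in a test suite to confirm the installed version treats every String mutator, bytesplice included, as unsafe.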

Weakness Enumeration

XSS

Related Identifiers

CVE-2023-28120
DSA-5389-1
GHSA-PJ73-V5MW-PM9J
OESA-2024-1797
OESA-2024-1798
OESA-2024-1799
OESA-2024-1800
OPENSUSE-SU-2024:12804-1
OPENSUSE-SU-2024:12886-1
OPENSUSE-SU-2024:14071-1
OPENSUSE-SU-2025:15114-1
SUSE-SU-2023:2280-1
SUSE-SU-2023:2294-1
SUSE-SU-2023:2295-1
SUSE-SU-2023:2304-1
SUSE-SU-2023:2781-1

Affected Products

Active Support
Suse