There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jan 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
ssvc
|
Thu, 09 Jan 2025 01:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. | There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. |
References |
|
|

Status: PUBLISHED
Assigner: hackerone
Published: 2025-01-09T00:33:47.658Z
Updated: 2025-01-09T21:46:38.220Z
Reserved: 2023-03-10T19:36:27.051Z
Link: CVE-2023-28120

Updated: 2025-01-09T21:46:31.379Z

Status : Received
Published: 2025-01-09T01:15:07.637
Modified: 2025-01-09T22:15:26.470
Link: CVE-2023-28120
