Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionpack@6.1.0.0

Type gem

Namespace

Name actionpack

Version 6.1.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.1.4.2

Latest_non_vulnerable_version 7.1.3.1

Affected_by_vulnerabilities

url VCID-2fra-ffky-97ce

vulnerability_id VCID-2fra-ffky-97ce

summary

Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

references

reference_url	https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016
reference_id
reference_type
scores
url	https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_url	https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_url	https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released
reference_id
reference_type
scores
url	https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_url	http://www.openwall.com/lists/oss-security/2022/02/11/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-23633
reference_id	CVE-2022-23633
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_url	https://github.com/advisories/GHSA-wh98-p28r-vrc9
reference_id	GHSA-wh98-p28r-vrc9
reference_type
scores
url	https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_url	https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9
reference_id	GHSA-wh98-p28r-vrc9
reference_type
scores
url	https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

fixed_packages

url	pkg:gem/actionpack@6.1.4.6
purl	pkg:gem/actionpack@6.1.4.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.4.6

url	pkg:gem/actionpack@7.0.2.2
purl	pkg:gem/actionpack@7.0.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.2

aliases CVE-2022-23633, GHSA-wh98-p28r-vrc9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2fra-ffky-97ce

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.0.0

Package Instance