Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rubygem-actionpack@6.1.7.4-1?arch=el8sat

Type rpm

Namespace redhat

Name rubygem-actionpack

Version 6.1.7.4-1

Qualifiers

arch	el8sat

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-dd9p-x7k3-37ea

vulnerability_id

VCID-dd9p-x7k3-37ea

summary

Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The `redirect_to` method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362.

Versions Affected: All. Not affected: None Fixed Versions: 7.0.5.1, 6.1.7.4

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28362

reference_id

reference_type

scores

value	0.00224
scoring_system	epss
scoring_elements	0.4516
published_at	2026-04-21T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45208
published_at	2026-04-18T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45215
published_at	2026-04-16T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45164
published_at	2026-04-13T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45162
published_at	2026-04-12T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45194
published_at	2026-04-11T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45173
published_at	2026-04-08T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45155
published_at	2026-04-02T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45174
published_at	2026-04-09T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.4512
published_at	2026-04-07T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45177
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362

reference_url

https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441

reference_url

https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5

reference_url

https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23

reference_url

https://security.netapp.com/advisory/ntap-20250502-0009

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250502-0009

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
reference_id	1051058
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2217785
reference_id	2217785
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2217785

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-28362

reference_id

CVE-2023-28362

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28362

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml

reference_id

CVE-2023-28362.YML

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml

reference_url

https://github.com/advisories/GHSA-4g8v-vg43-wpgf

reference_id

GHSA-4g8v-vg43-wpgf

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/advisories/GHSA-4g8v-vg43-wpgf

reference_url	https://access.redhat.com/errata/RHSA-2023:7851
reference_id	RHSA-2023:7851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7851

fixed_packages

aliases

CVE-2023-28362, GHSA-4g8v-vg43-wpgf

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-dd9p-x7k3-37ea

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-actionpack@6.1.7.4-1%3Farch=el8sat

Package Instance