Search for packages
| purl | pkg:apk/alpine/ruby-activesupport@7.0.4.3-r0?arch=aarch64&distroversion=v3.21&reponame=community |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1rxp-g9rz-4yb3 | Possible XSS Security Vulnerability in SafeBuffer#bytesplice There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 # Impact ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized. When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe. Ruby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation. Users on older versions of Ruby are likely unaffected. All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately. # Workarounds Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input. |
CVE-2023-28120
GHSA-pj73-v5mw-pm9j GMS-2023-765 |
| VCID-6ku5-mtgz-zygw | Duplicate This advisory duplicates another. |
CVE-2023-22796
GHSA-j6gc-792m-qgm2 GMS-2023-61 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-06T04:49:35.332432+00:00 | Alpine Linux Importer | Fixing | VCID-6ku5-mtgz-zygw | https://secdb.alpinelinux.org/v3.21/community.json | 38.1.0 |
| 2026-04-01T19:26:16.072182+00:00 | Alpine Linux Importer | Fixing | VCID-1rxp-g9rz-4yb3 | https://secdb.alpinelinux.org/v3.21/community.json | 38.0.0 |