Package details: pkg:apk/alpine/ruby-activesupport@7.0.4.3-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl pkg:apk/alpine/ruby-activesupport@7.0.4.3-r0?arch=ppc64le&distroversion=v3.18&reponame=community
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-4wmv-rurk-tub6
Aliases: CVE-2023-28120, GHSA-pj73-v5mw-pm9j, GMS-2023-765
Summary: Possible XSS Security Vulnerability in SafeBuffer#bytesplice

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120.

Versions Affected: All.
Not affected: None
Fixed Versions: 7.0.4.3, 6.1.7.3

# Impact
ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized. When these strings are mutated, the tag should be removed to mark them as no longer being html_safe. Ruby 3.2 introduced a new bytesplice method which ActiveSupport did not yet understand to be a mutation. Users on older versions of Ruby are likely unaffected. All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately.

# Workarounds
Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.

History
Date: 2026-05-29T10:04:28.635813+00:00
Actor: Alpine Linux Importer
Action: Fixing
Vulnerability: VCID-4wmv-rurk-tub6
Source: https://secdb.alpinelinux.org/v3.18/community.json
VulnerableCode Version: 38.6.0