Search for packages
| purl | pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-19fr-55kr-hyax | rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute. This vulnerability has been assigned the CVE identifier CVE-2023-23913. Not affected: < 5.1.0 Versions Affected: >= 5.1.0 Fixed Versions: 6.1.7.3, 7.0.4.3 Impact If the specified malicious HTML clipboard content is provided to a contenteditable element, this could result in the arbitrary execution of javascript on the origin in question. Releases The FIXED releases are available at the normal locations. Workarounds We recommend that all users upgrade to one of the FIXED versions. In the meantime, users can attempt to mitigate this vulnerability by removing the contenteditable attribute from elements in pages that rails-ujs will interact with. Patches To aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset. * rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series * rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series Please note that only the 7.0.Z and 6.1.Z series are supported at present, and 6.0.Z for severe vulnerabilities. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases. Credits We would like to thank ryotak 15 for reporting this! * rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB) * rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB) * rails-ujs-data-method-contenteditable-main.patch (8.9 KB) |
CVE-2023-23913
GHSA-xp5h-f8jf-rc8q |
| VCID-1rxp-g9rz-4yb3 | Possible XSS Security Vulnerability in SafeBuffer#bytesplice There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 # Impact ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized. When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe. Ruby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation. Users on older versions of Ruby are likely unaffected. All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately. # Workarounds Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input. |
CVE-2023-28120
GHSA-pj73-v5mw-pm9j GMS-2023-765 |
| VCID-63gy-6njy-kbd8 | ReDoS based DoS vulnerability in Action Dispatch There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |
CVE-2023-22792
GHSA-p84v-45xj-wwqj GMS-2023-58 |
| VCID-6ku5-mtgz-zygw | Duplicate This advisory duplicates another. |
CVE-2023-22796
GHSA-j6gc-792m-qgm2 GMS-2023-61 |
| VCID-hppf-a715-r7b2 | ReDoS based DoS vulnerability in Action Dispatch There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |
CVE-2023-22795
GHSA-8xww-x3g3-6jcv GMS-2023-56 |
| VCID-sygb-mygd-s3gb | Duplicate This advisory duplicates another. |
CVE-2022-44566
GHSA-579w-22j4-4749 GMS-2023-59 |
| VCID-t9yh-ss8z-e3cb | Duplicate This advisory duplicates another. |
CVE-2023-22794
GHSA-hq7p-j377-6v63 GMS-2023-60 |