VulnerableCode Package Details - pkg:gem/activesupport@4.2.11

Search for packages

Vulnerability	Summary	Fixed by
VCID-1rxp-g9rz-4yb3 Aliases: CVE-2023-28120 GHSA-pj73-v5mw-pm9j GMS-2023-765	Possible XSS Security Vulnerability in SafeBuffer#bytesplice There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 # Impact ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized. When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe. Ruby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation. Users on older versions of Ruby are likely unaffected. All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately. # Workarounds Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.	6.1.7.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.0.4.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-6ku5-mtgz-zygw Aliases: CVE-2023-22796 GHSA-j6gc-792m-qgm2 GMS-2023-61	Duplicate This advisory duplicates another.	5.2.8 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.1.7.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.4.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1rxp-g9rz-4yb3
Aliases:
CVE-2023-28120
GHSA-pj73-v5mw-pm9j
GMS-2023-765

Possible XSS Security Vulnerability in SafeBuffer#bytesplice There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 # Impact ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized. When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe. Ruby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation. Users on older versions of Ruby are likely unaffected. All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately. # Workarounds Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.

6.1.7.3
Affected by 1 other vulnerability.

7.0.4.3
Affected by 1 other vulnerability.

VCID-6ku5-mtgz-zygw
Aliases:
CVE-2023-22796
GHSA-j6gc-792m-qgm2
GMS-2023-61

Duplicate This advisory duplicates another.

5.2.8
Affected by 3 other vulnerabilities.

6.1.7.1
Affected by 3 other vulnerabilities.

7.0.4.1
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:24:08.812139+00:00	GitLab Importer	Affected by	VCID-1rxp-g9rz-4yb3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-765.yml	38.4.0
2026-04-16T22:20:05.376615+00:00	GitLab Importer	Affected by	VCID-6ku5-mtgz-zygw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-22796.yml	38.4.0
2026-04-16T17:40:01.365050+00:00	Ruby Importer	Affected by	VCID-6ku5-mtgz-zygw	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml	38.4.0
2026-04-11T23:42:18.884653+00:00	GitLab Importer	Affected by	VCID-1rxp-g9rz-4yb3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-765.yml	38.3.0
2026-04-11T23:38:00.608385+00:00	GitLab Importer	Affected by	VCID-6ku5-mtgz-zygw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-22796.yml	38.3.0
2026-04-11T21:37:12.415331+00:00	Ruby Importer	Affected by	VCID-6ku5-mtgz-zygw	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml	38.3.0
2026-04-02T23:46:14.230828+00:00	GitLab Importer	Affected by	VCID-1rxp-g9rz-4yb3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-765.yml	38.1.0
2026-04-02T23:42:17.119533+00:00	GitLab Importer	Affected by	VCID-6ku5-mtgz-zygw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-22796.yml	38.1.0
2026-04-02T19:35:16.884332+00:00	Ruby Importer	Affected by	VCID-6ku5-mtgz-zygw	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml	38.1.0
2026-04-01T18:09:25.481807+00:00	GitLab Importer	Affected by	VCID-1rxp-g9rz-4yb3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-765.yml	38.0.0
2026-04-01T18:05:00.217657+00:00	GitLab Importer	Affected by	VCID-6ku5-mtgz-zygw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-22796.yml	38.0.0
2026-04-01T15:52:19.813451+00:00	Ruby Importer	Affected by	VCID-6ku5-mtgz-zygw	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml	38.0.0