Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/activesupport@7.0.4.1
purl pkg:gem/activesupport@7.0.4.1
Next non-vulnerable version 7.0.7.1
Latest non-vulnerable version 8.1.2.1
Risk 3.4
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-1rxp-g9rz-4yb3
Aliases:
CVE-2023-28120
GHSA-pj73-v5mw-pm9j
GMS-2023-765
Possible XSS Security Vulnerability in SafeBuffer#bytesplice There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 # Impact ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized. When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe. Ruby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation. Users on older versions of Ruby are likely unaffected. All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately. # Workarounds Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.
7.0.4.3
Affected by 1 other vulnerability.
VCID-6ku5-mtgz-zygw
Aliases:
CVE-2023-22796
GHSA-j6gc-792m-qgm2
GMS-2023-61
Duplicate This advisory duplicates another. There are no reported fixed by versions.
VCID-6pxd-xsaw-tuer
Aliases:
CVE-2023-38037
GHSA-cr5q-6q9f-rq6q
Active Support Possibly Discloses Locally Encrypted Files There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5
7.0.7.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-6ku5-mtgz-zygw Duplicate This advisory duplicates another. CVE-2023-22796
GHSA-j6gc-792m-qgm2
GMS-2023-61

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:36:42.360189+00:00 GitLab Importer Affected by VCID-6pxd-xsaw-tuer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-38037.yml 38.4.0
2026-04-16T22:24:09.326278+00:00 GitLab Importer Affected by VCID-1rxp-g9rz-4yb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-765.yml 38.4.0
2026-04-16T22:20:05.881369+00:00 GitLab Importer Fixing VCID-6ku5-mtgz-zygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-22796.yml 38.4.0
2026-04-16T17:40:04.115590+00:00 Ruby Importer Fixing VCID-6ku5-mtgz-zygw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml 38.4.0
2026-04-16T17:40:01.871308+00:00 Ruby Importer Affected by VCID-6ku5-mtgz-zygw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml 38.4.0
2026-04-11T23:56:00.088524+00:00 GitLab Importer Affected by VCID-6pxd-xsaw-tuer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-38037.yml 38.3.0
2026-04-11T23:42:19.447082+00:00 GitLab Importer Affected by VCID-1rxp-g9rz-4yb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-765.yml 38.3.0
2026-04-11T23:38:01.176559+00:00 GitLab Importer Fixing VCID-6ku5-mtgz-zygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-22796.yml 38.3.0
2026-04-11T21:37:15.454243+00:00 Ruby Importer Fixing VCID-6ku5-mtgz-zygw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml 38.3.0
2026-04-11T21:37:13.009946+00:00 Ruby Importer Affected by VCID-6ku5-mtgz-zygw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml 38.3.0
2026-04-02T23:59:04.350698+00:00 GitLab Importer Affected by VCID-6pxd-xsaw-tuer https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-38037.yml 38.1.0
2026-04-02T23:46:14.726172+00:00 GitLab Importer Affected by VCID-1rxp-g9rz-4yb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-765.yml 38.1.0
2026-04-02T23:42:17.623581+00:00 GitLab Importer Fixing VCID-6ku5-mtgz-zygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-22796.yml 38.1.0
2026-04-02T19:35:19.423989+00:00 Ruby Importer Fixing VCID-6ku5-mtgz-zygw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml 38.1.0
2026-04-02T19:35:17.365565+00:00 Ruby Importer Affected by VCID-6ku5-mtgz-zygw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml 38.1.0
2026-04-02T16:58:48.031384+00:00 GHSA Importer Fixing VCID-6ku5-mtgz-zygw https://github.com/advisories/GHSA-j6gc-792m-qgm2 38.1.0
2026-04-01T18:09:26.043845+00:00 GitLab Importer Affected by VCID-1rxp-g9rz-4yb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-765.yml 38.0.0
2026-04-01T15:52:22.810793+00:00 Ruby Importer Fixing VCID-6ku5-mtgz-zygw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml 38.0.0
2026-04-01T15:52:20.507603+00:00 Ruby Importer Affected by VCID-6ku5-mtgz-zygw https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml 38.0.0
2026-04-01T12:58:00.766242+00:00 GithubOSV Importer Fixing VCID-6ku5-mtgz-zygw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-j6gc-792m-qgm2/GHSA-j6gc-792m-qgm2.json 38.0.0
2026-04-01T12:50:46.998546+00:00 GitLab Importer Fixing VCID-6ku5-mtgz-zygw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/CVE-2023-22796.yml 38.0.0