Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/actionpack@7.0.0.0

Type gem

Namespace

Name actionpack

Version 7.0.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.1.2.1

Latest_non_vulnerable_version 8.1.2.1

Affected_by_vulnerabilities

url VCID-1f8y-2bmg-qufg

vulnerability_id VCID-1f8y-2bmg-qufg

summary

Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23633

reference_id

reference_type

scores

value	0.00187
scoring_system	epss
scoring_elements	0.40349
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23633

reference_url

https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_url

https://security.netapp.com/advisory/ntap-20240119-0013

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240119-0013

reference_url	https://security.netapp.com/advisory/ntap-20240119-0013/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240119-0013/

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5372

reference_url

http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
reference_id	1005389
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_id

CVE-2022-23633

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml

reference_id

CVE-2022-23633.YML

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml

reference_url

https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_id

GHSA-wh98-p28r-vrc9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_url

https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

reference_id

GHSA-wh98-p28r-vrc9

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

fixed_packages

url pkg:gem/actionpack@7.0.2.2

purl pkg:gem/actionpack@7.0.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-43zc-ndt3-xfc5

vulnerability	VCID-4jjq-jkgc-mkca

vulnerability	VCID-9w4d-2z52-wyaf

vulnerability	VCID-f22x-hsz9-kfau

vulnerability	VCID-fnkq-8eys-gygm

vulnerability	VCID-kt8w-wxpx-vyf9

vulnerability	VCID-n2ap-zgrd-skhf

vulnerability	VCID-semx-3823-f7f6

vulnerability	VCID-x6wm-6c84-2qdw

vulnerability	VCID-xhqj-617q-f7fb

vulnerability	VCID-yp5x-mgfj-xbbf

vulnerability	VCID-ypmv-73g2-gfex

vulnerability	VCID-yrjj-cken-6qff

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.2

aliases CVE-2022-23633, GHSA-wh98-p28r-vrc9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1f8y-2bmg-qufg

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.0.0

Package Instance