{"url":"http://public2.vulnerablecode.io/api/packages/60632?format=json","purl":"pkg:gem/actionpack@5.2.6.2","type":"gem","namespace":"","name":"actionpack","version":"5.2.6.2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.0.4.2","latest_non_vulnerable_version":"7.1.3.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42380?format=json","vulnerability_id":"VCID-2fra-ffky-97ce","summary":"Exposure of information in Action Pack\nAction Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016","reference_id":"","reference_type":"","scores":[],"url":"https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016"},{"reference_url":"https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ"},{"reference_url":"https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released","reference_id":"","reference_type":"","scores":[],"url":"https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/02/11/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/02/11/5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389","reference_id":"1005389","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063149","reference_id":"2063149","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063149"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23633","reference_id":"CVE-2022-23633","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23633"},{"reference_url":"https://github.com/advisories/GHSA-wh98-p28r-vrc9","reference_id":"GHSA-wh98-p28r-vrc9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wh98-p28r-vrc9"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9","reference_id":"GHSA-wh98-p28r-vrc9","reference_type":"","scores":[],"url":"https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5498","reference_id":"RHSA-2022:5498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60632?format=json","purl":"pkg:gem/actionpack@5.2.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/60633?format=json","purl":"pkg:gem/actionpack@6.0.4.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.0.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/60634?format=json","purl":"pkg:gem/actionpack@6.1.4.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@6.1.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/60635?format=json","purl":"pkg:gem/actionpack@7.0.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@7.0.2.2"}],"aliases":["CVE-2022-23633","GHSA-wh98-p28r-vrc9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fra-ffky-97ce"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.2.6.2"}