{"url":"http://public2.vulnerablecode.io/api/packages/66631?format=json","purl":"pkg:gem/activesupport@7.0.7.1","type":"gem","namespace":"","name":"activesupport","version":"7.0.7.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45905?format=json","vulnerability_id":"VCID-usar-ms97-kbep","summary":"Active Support Possibly Discloses Locally Encrypted Files\nThere is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.\n\nVersions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5","references":[{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544","reference_id":"","reference_type":"","scores":[],"url":"https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.0.7.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/rails/rails/releases/tag/v7.0.7.1"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250214-0010","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20250214-0010"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38037","reference_id":"CVE-2023-38037","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38037"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml","reference_id":"CVE-2023-38037.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml"},{"reference_url":"https://github.com/advisories/GHSA-cr5q-6q9f-rq6q","reference_id":"GHSA-cr5q-6q9f-rq6q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cr5q-6q9f-rq6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66630?format=json","purl":"pkg:gem/activesupport@6.1.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/66631?format=json","purl":"pkg:gem/activesupport@7.0.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.7.1"}],"aliases":["CVE-2023-38037","GHSA-cr5q-6q9f-rq6q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-usar-ms97-kbep"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.7.1"}