Vulnerability details: VCID-6ku5-mtgz-zygw
Vulnerability ID VCID-6ku5-mtgz-zygw
Aliases CVE-2023-22796
GHSA-j6gc-792m-qgm2
GMS-2023-61
Summary Duplicate. This advisory duplicates another.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json
epss 0.01733 https://api.first.org/data/v1/epss?cve=CVE-2023-22796
generic_textual LOW https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
ssvc Track https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr LOW https://github.com/advisories/GHSA-j6gc-792m-qgm2
generic_textual LOW https://github.com/rails/rails
generic_textual LOW https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8
generic_textual LOW https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef
generic_textual LOW https://github.com/rails/rails/releases/tag/v6.1.7.1
generic_textual LOW https://github.com/rails/rails/releases/tag/v7.0.4.1
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2023-22796
generic_textual LOW https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
ssvc Track https://security.netapp.com/advisory/ntap-20240202-0009/
ssvc Track https://www.debian.org/security/2023/dsa-5372
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json
https://api.first.org/data/v1/epss?cve=CVE-2023-22796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rails/rails
https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8
https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef
https://github.com/rails/rails/releases/tag/v6.1.7.1
https://github.com/rails/rails/releases/tag/v7.0.4.1
https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
1030050 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
2164736 https://bugzilla.redhat.com/show_bug.cgi?id=2164736
CVE-2023-22796 https://nvd.nist.gov/vuln/detail/CVE-2023-22796
CVE-2023-22796.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml
GHSA-j6gc-792m-qgm2 https://github.com/advisories/GHSA-j6gc-792m-qgm2
ntap-20240202-0009 https://security.netapp.com/advisory/ntap-20240202-0009/
RHSA-2023:4341 https://access.redhat.com/errata/RHSA-2023:4341
RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/ Found at https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/ Found at https://security.netapp.com/advisory/ntap-20240202-0009/

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/ Found at https://www.debian.org/security/2023/dsa-5372
Exploit Prediction Scoring System (EPSS)
Percentile 0.82406
EPSS Score 0.01733
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:46.628728+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activesupport/GMS-2023-61.yml 38.0.0