CVE-2023-28120

Summary

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

Affected Software

VendorProductVersion RangeStatus
RailsActiveSupport7.0.4.3 < 7.0.4.3affected
RailsActiveSupport6.1.7.3 < 6.1.7.3affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References