VYPR
Medium severity5.3OSV Advisory· Published Jan 9, 2025· Updated Jun 17, 2026

CVE-2023-28120

CVE-2023-28120

Description

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
activesupportRubyGems
>= 7.0.0, < 7.0.4.37.0.4.3
activesupportRubyGems
< 6.1.7.36.1.7.3

Affected products

28

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.