rpm package
opensuse/rubygem-activesupport-7.0&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rubygem-activesupport-7.0&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38037 | Med | 5.5 | < 7.0.8.4-1.1 | 7.0.8.4-1.1 | Jan 9, 2025 | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary | |
| CVE-2023-28120 | Med | 5.3 | < 7.0.4.3-1.1 | 7.0.4.3-1.1 | Jan 9, 2025 | There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. | |
| CVE-2023-22796 | — | < 7.0.4.1-1.1 | 7.0.4.1-1.1 | Feb 9, 2023 | A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts |
- affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary
- affected < 7.0.4.3-1.1fixed 7.0.4.3-1.1
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
- CVE-2023-22796Feb 9, 2023affected < 7.0.4.1-1.1fixed 7.0.4.1-1.1
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts