VYPR

rpm package

opensuse/rubygem-activesupport-7.0&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rubygem-activesupport-7.0&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2023-38037MedJan 9, 2025
    affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1

    ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary

  • CVE-2023-28120MedJan 9, 2025
    affected < 7.0.4.3-1.1fixed 7.0.4.3-1.1

    There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

  • CVE-2023-22796Feb 9, 2023
    affected < 7.0.4.1-1.1fixed 7.0.4.1-1.1

    A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts