vulnerability

Debian: CVE-2022-23633: rails -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Feb 11, 2022	Sep 6, 2022	Mar 16, 2023

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Feb 11, 2022

Added

Sep 6, 2022

Modified

Mar 16, 2023

Description

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

Solution

debian-upgrade-rails

References

CVE-2022-23633
https://attackerkb.com/topics/CVE-2022-23633
DEBIAN-DLA-3093-1
DEBIAN-DSA-5372

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today