CVE-2023-28120
MEDIUM
Published 2025-01-09T00:33:47.658Z
CVSS Score (v3.1): 5.3/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score (v2025.03.14): 0.001 probability of exploitation in the wild
There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-06-25
Exploit Probability
Percentile: 0.259
Higher than 25.9% of all CVEs
Description
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
MODERATE
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
GHSA-pj73-v5mw-pm9j
Advisory Details
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
This vulnerability has been assigned the CVE identifier CVE-2023-28120.
Versions Affected: All. Not affected: None. Fixed Versions: 7.0.4.3, 6.1.7.3
# Impact
ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized.
When these strings are mutated, the tag should be removed to mark them as no longer being html_safe.
Ruby 3.2 introduced a new bytesplice method, which ActiveSupport did not yet recognise as a mutation.
Users on older versions of Ruby are likely unaffected.
All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately.
# Workarounds
Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.
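As an added illustration (not ActiveSupport's code and not part of the advisory), here is a minimal Ruby model of the tagging pattern described above: bang mutators clear the html_safe flag, a plain in-place bytesplice does not, and a patched subclass treats bytesplice as a mutation. All class and method names are the model's own, and CGI.escapeHTML stands in for template escaping.

```ruby
require "cgi"

# Model of a SafeBuffer: a String tagged html_safe once sanitized.
# Not ActiveSupport's implementation; names are this model's own.
class SafeBufferModel < String
  # Mutating methods this model knows about (illustrative subset).
  # Each "<name>!" override drops the html_safe flag after mutating.
  KNOWN_MUTATORS = %w[downcase upcase gsub sub strip].freeze

  def initialize(str = "")
    @html_safe = true
    super(str)
  end

  def html_safe?
    @html_safe
  end

  KNOWN_MUTATORS.each do |name|
    define_method("#{name}!") do |*args, &block|
      @html_safe = false
      super(*args, &block)
    end
  end
  # Gap modelled here: Ruby 3.2's bytesplice mutates in place but is not
  # in KNOWN_MUTATORS, so the html_safe flag survives the edit.
end

# Patched model: bytesplice is treated as a mutation too (Ruby 3.2+ only).
class PatchedSafeBufferModel < SafeBufferModel
  if String.method_defined?(:bytesplice)
    def bytesplice(*args)
      @html_safe = false
      super(*args)
    end
  end
end

# A template emits html_safe strings verbatim and escapes everything else.
def render(buf)
  buf.html_safe? ? buf.to_s : CGI.escapeHTML(buf.to_s)
end

# The advisory's scenario on constructed input; nil when bytesplice is absent.
def demo(klass)
  buf = klass.new("<b>hello</b>")   # sanitized markup, tagged html_safe
  untrusted = "<x>untrusted</x>"     # constructed user-controlled value
  return nil unless buf.respond_to?(:bytesplice)
  buf.bytesplice(3, 5, untrusted)    # overwrite bytes 3..7 ("hello") in place
  { html_safe: buf.html_safe?, output: render(buf) }
end
```

On Ruby 3.2 or later, `demo(SafeBufferModel)` reports the buffer still html_safe with the raw markup in its output, while `demo(PatchedSafeBufferModel)` reports it unsafe and escaped.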
Affected Packages
RubyGems activesupport: ≥7.0.0, <7.0.4.3
RubyGems activesupport: ≥0, <6.1.7.3
CVSS Scoring
CVSS Score
5.0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: March 15, 2023, Modified: January 10, 2025
Published: 2025-01-09T00:33:47.658Z
Last Modified: 2025-01-09T21:46:38.220Z