CVE Vulnerabilities

CVE-2023-28120

This vulnerability is marked as RESERVED by NVD, meaning the CVE ID has been reserved for future use by a CVE Numbering Authority (CNA) or a security researcher, but its details are not yet publicly available.

This page will reflect the classification results once they are available through NVD.

Any available vendor information is shown below.

Red Hat

rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice

Mitigation

Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.

Affected Software List

Name              Vendor   Version
RHOL-5.6-RHEL-8   RedHat   openshift-logging/fluentd-rhel8:v1.14.6-113
RHOL-5.7-RHEL-8   RedHat   openshift-logging/fluentd-rhel8:v1.14.6-140

Ubuntu

[Unknown description]

Affected Software List

Name                     Vendor                  Status
Rails-4.0                Ubuntu/trusty           end of standard support
Rails-4.0                Ubuntu/upstream         TBD
Ruby-actionpack-3.2      Ubuntu/trusty           end of standard support
Ruby-actionpack-3.2      Ubuntu/upstream         TBD
Ruby-activemodel-3.2     Ubuntu/upstream         TBD
Ruby-activemodel-3.2     Ubuntu/trusty           end of standard support
Ruby-activerecord-3.2    Ubuntu/upstream         TBD
Ruby-activerecord-3.2    Ubuntu/trusty           end of standard support
Ruby-activesupport-3.2   Ubuntu/trusty           end of standard support
Ruby-activesupport-3.2   Ubuntu/upstream         TBD
Ruby-rails-3.2           Ubuntu/trusty           end of standard support
Ruby-rails-3.2           Ubuntu/upstream         TBD
Rails                    Ubuntu/esm-apps/xenial  TBD
Rails                    Ubuntu/lunar            end of life, was needs-triage
Rails                    Ubuntu/noble            TBD
Rails                    Ubuntu/bionic           end of standard support, was needs-triage
Rails                    Ubuntu/esm-apps/bionic  TBD
Rails                    Ubuntu/trusty           end of standard support
Rails                    Ubuntu/upstream         TBD
Rails                    Ubuntu/esm-apps/focal   TBD
Rails                    Ubuntu/esm-apps/jammy   TBD
Rails                    Ubuntu/esm-apps/noble   TBD
Rails                    Ubuntu/jammy            TBD
Rails                    Ubuntu/kinetic          end of life, was needs-triage
Rails                    Ubuntu/oracular         TBD
Rails                    Ubuntu/devel            TBD
Rails                    Ubuntu/focal            TBD
Rails                    Ubuntu/mantic           end of life, was needs-triage
Rails                    Ubuntu/xenial           end of standard support