Headline
Debian Security Advisory 5389-1
Debian Linux Security Advisory 5389-1 - Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS). This update also fixes a regression introduced in previous update that may block certain access for apps using development environment.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5389-1 [email protected]://www.debian.org/security/ Aron XuApril 14, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : railsCVE ID : CVE-2023-23913 CVE-2023-28120Debian Bug : 1033262 1033263Brief introduction Two vulnerabilities were discovered in rails, the Ruby based server-sideMVC web application framework, which could lead to XSS and DOM basedcross-site scripting (CRS).This update also fixes a regression introduced in previous update thatmay block certain access for apps using development environment.For the stable distribution (bullseye), these problems have been fixed inversion 2:6.0.3.7+dfsg-2+deb11u2.We recommend that you upgrade your rails packages.For the detailed security status of rails please refer toits security tracker page at:https://security-tracker.debian.org/tracker/railsFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmQ5gEQACgkQO1LKKgqv2VT/iwgAvAA/wob57s9L6OseUHQL9E83qcGgmyukO5rPg0v+DSJXNWZP76ntGemfHQPeD73OqjBymt9JBSkI7ZGqDA8VvqR/5TvXF4IUlVyQ7CQ7DEHcJJVDcMH4MVIKzgl6mGk3eeqZf1e2TmV5+NUkLcOEi8JPlcnA8umue6GiGMOVpee6h57omEJjLrbIWuZc5z4+OEX1PVCgEVVbfsgxY8R43Eu6+3RPciYHkuo/spY6sdqFGWojvVEM25qZ49Nae4JcUFmK1VWprzZstrlSCaXVmiBQ/grUtHXyMd5jGSHVh7XFdl98ggKasUiUSS3cOqNJS9WzFK6oLORMXfI4iIklNQ===FKaG-----END PGP SIGNATURE-----
Related news
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute. This vulnerability has been assigned the CVE identifier CVE-2023-23913. Not affected: < 5.1.0 Versions Affected: >= 5.1.0 Fixed Versions: 6.1.7.3, 7.0.4.3 Impact If the specified malicious HTML clipboard content is provided to a contenteditable element, this could result in the arbitrary execution of javascript on the origin in question. Releases The FIXED releases are available at the normal locations. Workarounds We recommend that all users upgrade to one of the FIXED versions. In the meantime, users can attempt to mitigate this vulnerability by removing the contenteditable at...
Red Hat Security Advisory 2023-1953-01 - Red Hat OpenShift Logging Subsystem 5.6.5 update. Issues addressed include cross site scripting and denial of service vulnerabilities.
Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. * CVE-2023-28120: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrus...
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 # Impact ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized. When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe. Ruby 3.2 introduced a new bytesplice method which ActiveSupport did not yet understand to be a mutation. Users on older versions of Ruby are likely unaffected. All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately. # Workarounds Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.