OESA-2024-1762

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1762

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-1762.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-1762

Upstream

CVE-2022-23633

Published

2024-06-28T11:08:21Z

Modified

2025-08-12T05:36:26.461385Z

Summary

rubygem-activesupport security update

Details

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Security Fix(es):

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.(CVE-2022-23633)

Database specific

{
    "severity": "Medium"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / rubygem-activesupport

Package

Name: rubygem-activesupport
Purl: pkg:rpm/openEuler/rubygem-activesupport&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.4.4-5.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "rubygem-activesupport-doc-5.2.4.4-5.oe2003sp4.noarch.rpm",
        "rubygem-activesupport-5.2.4.4-5.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "rubygem-activesupport-5.2.4.4-5.oe2003sp4.src.rpm"
    ]
}