CVE-2023-38037
Published: 11 September 2023
[Active Support Possibly Discloses Locally Encrypted Files]
Notes
| Author | Note |
|---|---|
| seth-arnold | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
rails Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Needs triage
|
|
| bionic |
Needs triage
|
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
ruby-rails-3.2 Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
ruby-actionpack-3.2 Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
ruby-activesupport-3.2 Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
ruby-activerecord-3.2 Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
ruby-activemodel-3.2 Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
rails-4.0 Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Does not exist
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037
- https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
- https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731 (v7.0.7.1)
- https://github.com/rails/rails/commit/c85cc667ebfd3c270df37c7575d580ea6462e12f (v6.1.7.5)
- NVD
- Launchpad
- Debian