Download
| Alert*
CVE-2023-28120
A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. NOTE: This vulnerability is currently awaiting analysis. CVE-2023-23913 A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting (XSS), which could lead to stolen information, phishing attacks, and other types of attacks. |