Debian Security Advisory

DSA-5389-1 rails -- security update

Date Reported:
14 Apr 2023
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 1033262, Bug 1033263.
In Mitre's CVE dictionary: CVE-2023-23913, CVE-2023-28120.
More information:

Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS).

This update also fixes a regression introduced in previous update that may block certain access for applications using development environment.

For the stable distribution (bullseye), these problems have been fixed in version 2:

We recommend that you upgrade your rails packages.

For the detailed security status of rails please refer to its security tracker page at: