Debian Security Advisory
DSA-5389-1 rails -- security update
- Date Reported:
- 14 Apr 2023
- Affected Packages:
- rails
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 1033262, Bug 1033263.
In Mitre's CVE dictionary: CVE-2023-23913, CVE-2023-28120. - More information:
-
Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS).
This update also fixes a regression introduced in previous update that may block certain access for applications using development environment.
For the stable distribution (bullseye), these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u2.
We recommend that you upgrade your rails packages.
For the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rails