CVE-2022-23633 in Action Packinfo

Zusammenfassung

von MITRE • 12.02.2022

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Zuständig

GitHub, Inc.

Reservieren

19.01.2022

Veröffentlichung

12.02.2022

Moderieren

akzeptiert

Eintrag

VDB-193008

CPE

bereit

EPSS

0.02207

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!