{"uuid": "69a2cf3d-f460-4698-839f-060f9e552b2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28120", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28120\n\ud83d\udd39 Description: There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.\n\ud83d\udccf Published: 2025-01-09T00:33:47.658Z\n\ud83d\udccf Modified: 2025-01-09T00:33:47.658Z\n\ud83d\udd17 References:\n1. https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469\n2. https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/\n4. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/\n5. https://security.netapp.com/advisory/ntap-20240202-0006/\n6. https://www.debian.org/security/2023/dsa-5389", "creation_timestamp": "2025-01-09T01:15:57.000000Z"}