{"vulnerability": "CVE-2023-2279", "sightings": [{"uuid": "592cd52c-f798-4550-962d-919489413e2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22791", "type": "seen", "source": "https://www.cert.at/de/warnungen/2023/5/kritische-sicherheitslucken-in-arubaos-und-aruba-instantos-updates-verfugbar", "content": "", "creation_timestamp": "2023-05-10T13:22:06.000000Z"},
{"uuid": "d34a34aa-02e7-435f-ab73-bd6412912f9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22797", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/3529", "content": "The most interesting thing about this news is that GitLab (in my opinion the most popular RoR application right now) uses vulnerable versions of the framework. We can probably expect some hacks.\n\nCorrective updates to the Ruby on Rails framework, 7.0.4.1, 6.1.7.1 and 6.0.6.1, have been published, fixing 6 vulnerabilities. The most dangerous vulnerability (CVE-2023-22794) can lead to execution of attacker-supplied SQL commands when external data is used in comments processed by ActiveRecord. The problem is caused by missing escaping of special characters in comments before they are saved to the DBMS.\n\nThe second vulnerability (CVE-2023-22797) can be used to bounce users to other pages (open redirect) when unvalidated external data is used in the redirect_to handler. The remaining 4 vulnerabilities lead to denial of service by creating high load on the system (mostly due to processing external data in inefficient, long-running regular expressions).\n\nRuby on Rails fixes a vulnerability allowing SQL code injection\nhttps://www.opennet.ru/opennews/art.shtml?num=58519", "creation_timestamp": "2023-01-20T11:46:59.000000Z"},
{"uuid": "37198c4e-4518-458c-b6fe-b16775fccfc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22790", "type": "seen", "source": "https://www.cert.at/de/warnungen/2023/5/kritische-sicherheitslucken-in-arubaos-und-aruba-instantos-updates-verfugbar", "content": "", "creation_timestamp": "2023-05-10T13:22:06.000000Z"},
{"uuid": "8a59ccc9-6b8f-44b1-92f1-6551ec294c83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-22796", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0315/", "content": "", "creation_timestamp": "2026-03-18T00:00:00.000000Z"},
{"uuid": "9c1036dd-5a64-4723-b7a0-cdad8ce8d8af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22794", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/3529", "content": "The most interesting thing about this news is that GitLab (in my opinion the most popular RoR application right now) uses vulnerable versions of the framework. We can probably expect some hacks.\n\nCorrective updates to the Ruby on Rails framework, 7.0.4.1, 6.1.7.1 and 6.0.6.1, have been published, fixing 6 vulnerabilities. The most dangerous vulnerability (CVE-2023-22794) can lead to execution of attacker-supplied SQL commands when external data is used in comments processed by ActiveRecord. The problem is caused by missing escaping of special characters in comments before they are saved to the DBMS.\n\nThe second vulnerability (CVE-2023-22797) can be used to bounce users to other pages (open redirect) when unvalidated external data is used in the redirect_to handler. The remaining 4 vulnerabilities lead to denial of service by creating high load on the system (mostly due to processing external data in inefficient, long-running regular expressions).\n\nRuby on Rails fixes a vulnerability allowing SQL code injection\nhttps://www.opennet.ru/opennews/art.shtml?num=58519", "creation_timestamp": "2023-01-20T11:46:59.000000Z"},
{"uuid": "aed834f7-3698-4b62-857f-c00e659b8b78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2023-22795", "type": "seen", "source": "https://t.me/ctinow/178108", "content": "https://ift.tt/QAzZ65B\nCVE-2023-22795 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-02-02T15:27:12.000000Z"}, {"uuid": "e37b3aca-623a-4a61-bad9-b876052ec49b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22792", "type": "seen", "source": "https://t.me/ctinow/178111", "content": "https://ift.tt/lcs7Pr4\nCVE-2023-22792 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-02-02T15:27:15.000000Z"}, {"uuid": "fa811148-e931-4e94-90d6-6d13755dbe8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2279", "type": "seen", "source": "https://t.me/cibsecurity/69521", "content": "\u203c CVE-2023-2279 \u203c\n\nThe WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, modify or delete Directory Kit related posts and terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 
Partial patches were made available in versions 1.2.0 and 1.2.1 but the issue was not fully patched until 1.2.2\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T12:12:59.000000Z"},
{"uuid": "940b3c9d-92cf-4018-b10e-f864484e19b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22794", "type": "seen", "source": "https://t.me/ctinow/178110", "content": "https://ift.tt/MBz06Hd\nCVE-2023-22794 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-02-02T15:27:14.000000Z"},
{"uuid": "1052198b-9b66-4618-aeb8-cac0f22fdda9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22796", "type": "seen", "source": "https://t.me/ctinow/178109", "content": "https://ift.tt/hVlOzRc\nCVE-2023-22796 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-02-02T15:27:13.000000Z"},
{"uuid": "92eb935e-cda4-432c-873a-845bc49108aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22790", "type": "seen", "source": "https://t.me/cibsecurity/63429", "content": "\u203c CVE-2023-22790 \u203c\n\nMultiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-08T18:37:38.000000Z"},
{"uuid": "34e9edc2-e6ed-4075-8d52-7e3fe70038aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22799", "type": "seen", "source": "https://t.me/cibsecurity/57873", "content": "\u203c CVE-2023-22799 \u203c\n\nA ReDoS based DoS vulnerability in GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:27.000000Z"},
{"uuid": "51c45665-1a0c-4bab-8139-50c5429a6399", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22795", "type": "seen", "source": "https://t.me/cibsecurity/57872", "content": "\u203c CVE-2023-22795 \u203c\n\nA regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:26.000000Z"},
{"uuid": "247cfd63-fae0-4a43-a53c-f1a047f877c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22797", "type": "seen", "source": "https://t.me/cibsecurity/57871", "content": "\u203c CVE-2023-22797 \u203c\n\nAn open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:25.000000Z"},
{"uuid": "b5ebeb50-3e9f-4470-874d-2caeb31e03df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22796", "type": "seen", "source": "https://t.me/cibsecurity/57868", "content": "\u203c CVE-2023-22796 \u203c\n\nA regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:22.000000Z"},
{"uuid": "e55c105a-3699-4f62-990a-88e2d7a0df34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22798", "type": "seen", "source": "https://t.me/cibsecurity/57865", "content": "\u203c CVE-2023-22798 \u203c\n\nPrior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as \"debouncing\" and is intended to remove unnecessary redirects that track users across the web.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-10T00:08:08.000000Z"},
{"uuid": "cb716fc5-1814-40a0-89a3-17963b27dd61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22792", "type": "seen", "source": "https://t.me/cibsecurity/57859", "content": "\u203c CVE-2023-22792 \u203c\n\nA regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-09T22:26:10.000000Z"}]}
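Added example, not part of the export above and not code from the vulnerability-lookup project: a small Python loader for a sightings document in the shape shown on this page. It normalises each `content` string the way an analyst would want before indexing (HTML entities such as `&lt;` decoded, the `Â` + no-break-space mojibake that the raw feed carries collapsed to a plain space), groups sightings by the CVE each record actually names, and flags records whose `vulnerability` field differs from the CVE the document was looked up for. That last check matters here: the export above is for CVE-2023-2279, yet most of its sightings reference CVE-2023-22790 through CVE-2023-22799, apparently matched on the shared prefix. The sample document is constructed inline from three records copied from the page (with the raw feed's entity and mojibake left in); the function names are mine.

```python
import html
import json
import re
from collections import defaultdict

# Constructed sample in the shape of the vulnerability-lookup export above.
# Three records are copied from the page; the last two still carry the "&lt;"
# entity and the "\u00c2\u00a0" mojibake exactly as the raw feed delivers them.
SAMPLE_DOC = r'''
{"vulnerability": "CVE-2023-2279", "sightings": [
 {"uuid": "fa811148-e931-4e94-90d6-6d13755dbe8e", "vulnerability": "CVE-2023-2279",
  "type": "seen", "source": "https://t.me/cibsecurity/69521",
  "content": "The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1.",
  "creation_timestamp": "2023-08-31T12:12:59.000000Z"},
 {"uuid": "51c45665-1a0c-4bab-8139-50c5429a6399", "vulnerability": "CVE-2023-22795",
  "type": "seen", "source": "https://t.me/cibsecurity/57872",
  "content": "A regular expression based DoS vulnerability in Action Dispatch &lt;6.1.7.1 and &lt;7.0.4.1 related to the If-None-Match header.",
  "creation_timestamp": "2023-02-09T22:26:26.000000Z"},
 {"uuid": "92eb935e-cda4-432c-873a-845bc49108aa", "vulnerability": "CVE-2023-22790",
  "type": "seen", "source": "https://t.me/cibsecurity/63429",
  "content": "Multiple authenticated command injection vulnerabilities\u00c2\u00a0exist in the Aruba InstantOS and ArubaOS 10 command line\u00c2\u00a0interface.",
  "creation_timestamp": "2023-05-08T18:37:38.000000Z"}
]}
'''

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def clean_content(text: str) -> str:
    """Undo the two kinds of damage visible in the raw feed's content strings."""
    text = html.unescape(text)                 # "&lt;6.1.7.1" -> "<6.1.7.1"
    text = text.replace("\u00c2\u00a0", " ")   # UTF-8 NBSP decoded as Latin-1 -> "Â\xa0"
    text = text.replace("\u00a0", " ")         # a bare NBSP is a plain space for indexing
    return re.sub(r"[ \t]+", " ", text).strip()


def load_sightings(doc: str) -> dict:
    """Parse one lookup document and clean every sighting's content in place."""
    data = json.loads(doc)
    queried = data["vulnerability"]
    if not CVE_RE.match(queried):
        raise ValueError(f"not a CVE id: {queried!r}")
    for sighting in data["sightings"]:
        sighting["content"] = clean_content(sighting.get("content", ""))
    return data


def group_by_cve(data: dict) -> dict:
    """Map each CVE named in the sightings to its (timestamp, source) pairs, oldest first."""
    groups = defaultdict(list)
    for sighting in data["sightings"]:
        groups[sighting["vulnerability"]].append(
            (sighting["creation_timestamp"], sighting["source"])
        )
    for entries in groups.values():
        entries.sort()
    return dict(groups)


def mismatched(data: dict) -> list:
    """UUIDs of sightings whose own CVE is not the one this document was looked up for.

    The export above shows why: a lookup for CVE-2023-2279 also returned
    sightings for CVE-2023-22790..CVE-2023-22799, so each record must be
    filtered on its own `vulnerability` field before it is attributed to a CVE.
    """
    queried = data["vulnerability"]
    return [s["uuid"] for s in data["sightings"] if s["vulnerability"] != queried]


if __name__ == "__main__":
    doc = load_sightings(SAMPLE_DOC)
    for cve, entries in sorted(group_by_cve(doc).items()):
        print(cve, len(entries), "sighting(s), first seen", entries[0][0])
    print("not the queried CVE:", mismatched(doc))
```

Feed a real export into `load_sightings` and drop everything `mismatched` returns before counting sightings per CVE; otherwise the Rails ReDoS and Aruba command-injection sightings above would be credited to the WordPress plugin CSRF.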