{"vulnerability": "CVE-2023-28120", "sightings": [{"uuid": "86154090-3925-4276-9e47-67a209d4dbd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2023-28120", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113795675452841249", "content": "", "creation_timestamp": "2025-01-09T00:56:48.746897Z"}, {"uuid": "80541dab-4707-404f-b052-a5e145d3655d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28120", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfbivrzgod2m", "content": "", "creation_timestamp": "2025-01-09T01:15:42.553930Z"}, {"uuid": "8f158b87-c817-4bb4-a019-7b5f10e94a75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28120", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lfbk6ou7hd2q", "content": "", "creation_timestamp": "2025-01-09T01:38:35.276298Z"}, {"uuid": "9a95bcce-fb85-4f1c-a8ea-a1f33dce9e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-28120", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0315/", "content": "", "creation_timestamp": "2026-03-18T00:00:00.000000Z"}, {"uuid": "69a2cf3d-f460-4698-839f-060f9e552b2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28120", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28120\n\ud83d\udd39 Description: There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.\n\ud83d\udccf Published: 2025-01-09T00:33:47.658Z\n\ud83d\udccf Modified: 2025-01-09T00:33:47.658Z\n\ud83d\udd17 References:\n1. https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469\n2. https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/\n4. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/\n5. https://security.netapp.com/advisory/ntap-20240202-0006/\n6. https://www.debian.org/security/2023/dsa-5389", "creation_timestamp": "2025-01-09T01:15:57.000000Z"}, {"uuid": "68a639c1-9586-446e-b1df-f786a86c0f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28120", "type": "seen", "source": "https://t.me/cvedetector/14759", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-28120 - RubyOnRails ActiveSupportUnsafeBufferManipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-28120 \nPublished : Jan. 9, 2025, 1:15 a.m. | 21\u00a0minutes ago \nDescription : There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T02:42:03.000000Z"}, {"uuid": "2ef659af-33a0-47e9-a010-72edb3f07e54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28120", "type": "seen", "source": "https://t.me/ctinow/178112", "content": "https://ift.tt/uQK0PC4\nCVE-2023-28120 Ruby on Rails Vulnerability in NetApp Products", "creation_timestamp": "2024-02-02T15:27:16.000000Z"}]}