gsd-2022-23633
Vulnerability from gsd
Modified
2022-02-11 00:00
Details
## Impact Under certain circumstances response bodies will not be closed, for example a bug in a webserver (https://github.com/puma/puma/pull/2812) or a bug in a Rack middleware. In the event a response is not notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests, especially when interacting with `ActiveSupport::CurrentAttributes`. Upgrading to the FIXED versions of Rails will ensure mitigation if this issue even in the context of a buggy webserver or middleware implementation. ## Patches This has been fixed in Rails 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. ## Workarounds Upgrading is highly recommended, but to work around this problem the following middleware can be used: ``` class GuardedExecutor < ActionDispatch::Executor def call(env) ensure_completed! super end private def ensure_completed! @executor.new.complete! if @executor.active? end end # Ensure the guard is inserted before ActionDispatch::Executor Rails.application.configure do config.middleware.swap ActionDispatch::Executor, GuardedExecutor, executor end ```
Aliases



{
  "GSD": {
    "alias": "CVE-2022-23633",
    "description": "Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.",
    "id": "GSD-2022-23633",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-23633.html",
      "https://access.redhat.com/errata/RHSA-2022:5498",
      "https://www.debian.org/security/2023/dsa-5372"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "actionpack",
            "purl": "pkg:gem/actionpack"
          }
        }
      ],
      "aliases": [
        "CVE-2022-23633",
        "GHSA-wh98-p28r-vrc9"
      ],
      "details": "## Impact\n\nUnder certain circumstances response bodies will not be closed, for example a\nbug in a webserver (https://github.com/puma/puma/pull/2812) or a bug in a Rack\nmiddleware. In the event a response is not notified of a `close`,\n`ActionDispatch::Executor` will not know to reset thread local state for the\nnext request. This can lead to data being leaked to subsequent requests,\nespecially when interacting with `ActiveSupport::CurrentAttributes`.\n\nUpgrading to the FIXED versions of Rails will ensure mitigation if this issue\neven in the context of a buggy webserver or middleware implementation.\n\n## Patches\n\nThis has been fixed in Rails 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2.\n\n## Workarounds\n\nUpgrading is highly recommended, but to work around this problem the following\nmiddleware can be used:\n\n```\nclass GuardedExecutor \u003c ActionDispatch::Executor\n  def call(env)\n    ensure_completed!\n    super\n  end\n\n  private\n\n    def ensure_completed!\n      @executor.new.complete! if @executor.active?\n    end\nend\n\n# Ensure the guard is inserted before ActionDispatch::Executor\nRails.application.configure do\n  config.middleware.swap ActionDispatch::Executor, GuardedExecutor, executor\nend\n```",
      "id": "GSD-2022-23633",
      "modified": "2022-02-11T00:00:00.000Z",
      "published": "2022-02-11T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ"
        },
        {
          "type": "WEB",
          "url": "https://github.com/rails/rails/commit/10c64a472f2f19a5e485bdac7d5106a76aeb29a5"
        },
        {
          "type": "WEB",
          "url": "https://github.com/rails/rails/blob/7-0-stable/actionpack/CHANGELOG.md#rails-7021-february-11-2022"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 7.4,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Possible exposure of information vulnerability in Action Pack"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-23633",
        "STATE": "PUBLIC",
        "TITLE": "Exposure of sensitive information in Action Pack"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "rails",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 7.0.0.0, \u003c 7.0.2.1"
                        },
                        {
                          "version_value": "\u003e= 6.1.0.0, \u003c 6.1.4.5"
                        },
                        {
                          "version_value": "\u003e= 6.0.0.0, \u003c 6.0.4.5"
                        },
                        {
                          "version_value": "\u003e= 5.0.0, \u003c 5.2.6.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "rails"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9",
            "refsource": "CONFIRM",
            "url": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9"
          },
          {
            "name": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da",
            "refsource": "MISC",
            "url": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da"
          },
          {
            "name": "[oss-security] 20220211 [CVE-2022-23633] Possible exposure of information vulnerability in Action Pack",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2022/02/11/5"
          },
          {
            "name": "[debian-lts-announce] 20220903 [SECURITY] [DLA 3093-1] rails security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"
          },
          {
            "name": "DSA-5372",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2023/dsa-5372"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20240119-0013/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20240119-0013/"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-wh98-p28r-vrc9",
        "discovery": "UNKNOWN"
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2022-23633",
      "cvss_v3": 7.4,
      "date": "2022-02-11",
      "description": "## Impact\n\nUnder certain circumstances response bodies will not be closed, for example a\nbug in a webserver (https://github.com/puma/puma/pull/2812) or a bug in a Rack\nmiddleware. In the event a response is not notified of a `close`,\n`ActionDispatch::Executor` will not know to reset thread local state for the\nnext request. This can lead to data being leaked to subsequent requests,\nespecially when interacting with `ActiveSupport::CurrentAttributes`.\n\nUpgrading to the FIXED versions of Rails will ensure mitigation if this issue\neven in the context of a buggy webserver or middleware implementation.\n\n## Patches\n\nThis has been fixed in Rails 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2.\n\n## Workarounds\n\nUpgrading is highly recommended, but to work around this problem the following\nmiddleware can be used:\n\n```\nclass GuardedExecutor \u003c ActionDispatch::Executor\n  def call(env)\n    ensure_completed!\n    super\n  end\n\n  private\n\n    def ensure_completed!\n      @executor.new.complete! if @executor.active?\n    end\nend\n\n# Ensure the guard is inserted before ActionDispatch::Executor\nRails.application.configure do\n  config.middleware.swap ActionDispatch::Executor, GuardedExecutor, executor\nend\n```",
      "framework": "rails",
      "gem": "actionpack",
      "ghsa": "wh98-p28r-vrc9",
      "patched_versions": [
        "~\u003e 5.2.6, \u003e= 5.2.6.2",
        "~\u003e 6.0.4, \u003e= 6.0.4.6",
        "~\u003e 6.1.4, \u003e= 6.1.4.6",
        "\u003e= 7.0.2.2"
      ],
      "related": {
        "url": [
          "https://github.com/rails/rails/commit/10c64a472f2f19a5e485bdac7d5106a76aeb29a5",
          "https://github.com/rails/rails/blob/7-0-stable/actionpack/CHANGELOG.md#rails-7021-february-11-2022"
        ]
      },
      "title": "Possible exposure of information vulnerability in Action Pack",
      "unaffected_versions": [
        "\u003c 5.0.0"
      ],
      "url": "https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=5.0.0.0 \u003c=5.2.6.1||\u003e=6.0.0.0 \u003c=6.0.4.5||\u003e=6.1.0.0 \u003c=6.1.4.5||\u003e=7.0.0.0 \u003c=7.0.2.1",
          "affected_versions": "All versions starting from 5.0.0.0 up to 5.2.6.1, all versions starting from 6.0.0.0 up to 6.0.4.5, all versions starting from 6.1.0.0 up to 6.1.4.5, all versions starting from 7.0.0.0 up to 7.0.2.1",
          "cwe_ids": [
            "CWE-1035",
            "CWE-200",
            "CWE-937"
          ],
          "date": "2022-02-11",
          "description": "Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.",
          "fixed_versions": [
            "5.2.6.2",
            "6.0.4.6",
            "6.1.4.6",
            "7.0.2.2"
          ],
          "identifier": "CVE-2022-23633",
          "identifiers": [
            "GHSA-wh98-p28r-vrc9",
            "CVE-2022-23633"
          ],
          "not_impacted": "All versions before 5.0.0.0, all versions after 5.2.6.1 before 6.0.0.0, all versions after 6.0.4.5 before 6.1.0.0, all versions after 6.1.4.5 before 7.0.0.0, all versions after 7.0.2.1",
          "package_slug": "gem/actionpack",
          "pubdate": "2022-02-11",
          "solution": "Upgrade to versions 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2 or above.",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor",
          "urls": [
            "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9",
            "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da",
            "https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016",
            "https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released",
            "https://github.com/advisories/GHSA-wh98-p28r-vrc9"
          ],
          "uuid": "6617e5a1-928c-4c6a-9444-d0f05ea87a6b"
        },
        {
          "affected_range": "\u003e=5.0.0 \u003c5.2.6.2||\u003e=6.0.0 \u003c6.0.4.6||\u003e=6.1.0 \u003c6.1.4.6||\u003e=7.0.0 \u003c7.0.2.2",
          "affected_versions": "All versions starting from 5.0.0 before 5.2.6.2, all versions starting from 6.0.0 before 6.0.4.6, all versions starting from 6.1.0 before 6.1.4.6, all versions starting from 7.0.0 before 7.0.2.2",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-212",
            "CWE-937"
          ],
          "date": "2023-07-11",
          "description": "Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.",
          "fixed_versions": [
            "5.2.6.2",
            "6.0.4.6",
            "6.1.4.6",
            "7.0.2.2"
          ],
          "identifier": "CVE-2022-23633",
          "identifiers": [
            "CVE-2022-23633",
            "GHSA-wh98-p28r-vrc9"
          ],
          "not_impacted": "All versions before 5.0.0, all versions starting from 5.2.6.2 before 6.0.0, all versions starting from 6.0.4.6 before 6.1.0, all versions starting from 6.1.4.6 before 7.0.0, all versions starting from 7.0.2.2",
          "package_slug": "gem/rails",
          "pubdate": "2022-02-11",
          "solution": "Upgrade to versions 5.2.6.2, 6.0.4.6, 6.1.4.6, 7.0.2.2 or above.",
          "title": "Exposure of information in Action Pack",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23633",
            "https://github.com/advisories/GHSA-wh98-p28r-vrc9",
            "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da",
            "http://www.openwall.com/lists/oss-security/2022/02/11/5"
          ],
          "uuid": "1eec09ea-1980-46f3-af3e-938ec60d200f"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "799C8F9A-10DD-4840-AAB5-F444DDA46FE2",
                    "versionEndExcluding": "5.2.6.2",
                    "versionStartIncluding": "5.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CB7B860B-0F93-4C93-8C95-29D259A38C43",
                    "versionEndExcluding": "6.0.4.6",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A8FC3F82-3521-470B-910E-395895BAB248",
                    "versionEndExcluding": "6.1.4.6",
                    "versionStartIncluding": "6.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AC6C96FF-285D-4378-86FF-AFB70FC339A3",
                    "versionEndExcluding": "7.0.2.2",
                    "versionStartIncluding": "7.0.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used."
          },
          {
            "lang": "es",
            "value": "Action Pack es un marco de trabajo para manejar y responder a peticiones web. Bajo determinadas circunstancias los cuerpos de las respuestas no son cerradas. En el caso de que una respuesta *no* sea notificada de un \"close\", \"ActionDispatch::Executor\" no sabr\u00e1 restablecer el estado local del hilo para la siguiente petici\u00f3n. Esto puede conllevar a que sean filtrados datos a las siguientes peticiones. Esto ha sido corregido en Rails versiones 7.0.2.1, 6.1.4.5, 6.0.4.5 y 5.2.6.1. Es recomendado encarecidamente actualizar, pero para mitigar este problema puede usarse el middleware descrito en GHSA-wh98-p28r-vrc9"
          }
        ],
        "id": "CVE-2022-23633",
        "lastModified": "2024-01-19T16:15:08.417",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 5.2,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2022-02-11T21:15:11.990",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mailing List",
              "Mitigation",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/02/11/5"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mitigation",
              "Third Party Advisory"
            ],
            "url": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://security.netapp.com/advisory/ntap-20240119-0013/"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5372"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-212"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-200"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.