SUSE-SU-2023:3229-1

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2023-28362

Published: 08 Aug 2023, 12:20

Last modified:02 May 2025, 04:34

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Aug 2023, 12:20

Published

Vulnerability first disclosed

02 May 2025, 04:34

Last Modified

Vulnerability information updated

Description

Security update for rubygem-actionpack-5_1 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirect_to (bsc#1213312).

Affected Systems

opensuse•rubygem-actionpack-5_1&distro=openSUSE Leap 15.4
< 5.1.4-150000.3.18.1
opensuse•rubygem-actionpack-5_1&distro=openSUSE Leap 15.5
< 5.1.4-150000.3.18.1
suse•rubygem-actionpack-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP1
< 5.1.4-150000.3.18.1
suse•rubygem-actionpack-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP2
< 5.1.4-150000.3.18.1
suse•rubygem-actionpack-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP3
< 5.1.4-150000.3.18.1
suse•rubygem-actionpack-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP4
< 5.1.4-150000.3.18.1
suse•rubygem-actionpack-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP5
< 5.1.4-150000.3.18.1

SUSE-SU-2023:3229-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)