CVE-2023-38037: Active Support Possibly Discloses Locally Encrypted Files
(updated )
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.
Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5
References
- discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544
- github.com/advisories/GHSA-cr5q-6q9f-rq6q
- github.com/rails/rails
- github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731
- github.com/rails/rails/releases/tag/v7.0.7.1
- github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
- nvd.nist.gov/vuln/detail/CVE-2023-38037
- security.netapp.com/advisory/ntap-20250214-0010
Code Behaviors & Features
Detect and mitigate CVE-2023-38037 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →