How severe is CVE-2022-23633?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-23633?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2022-23633 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

Related Vulnerabilities

CVE-2007-2479

MEDIUM

CVSS:5.9(Medium)

Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed ...

CWE-2002007

CVE-2011-4076

MEDIUM

CVSS:5.9(Medium)

OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or...

CWE-2002011

CVE-2013-3587

MEDIUM

CVSS:5.9(Medium)

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle at...

CWE-2002013

CVE-2013-6681

MEDIUM

CVSS:5.9(Medium)

Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability

CWE-2002013

CVE-2014-2359

MEDIUM

CVSS:5.9(Medium)

OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.

CWE-2002014

CVE-2014-4024

MEDIUM

CVSS:5.9(Medium)

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used ...

CWE-2002014