Debian dla-4383 : rails - security update

high Nessus Plugin ID 276881

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4383 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4383-1                 [email protected]
https://www.debian.org/lts/security/           Bastien Roucaris
November 25, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : rails
Version        : 2:6.0.3.7+dfsg-2+deb11u3
CVE ID         : CVE-2022-44566 CVE-2023-28362 CVE-2023-38037 CVE-2024-41128 CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVE-2024-54133
Debian Bug     : 1030050 1051057 1051058 1085376 1089755

rails, a popular server-side application framework, was affected by multiple vulnerabilities.

CVE-2022-44566

Given a value outside the range of a 64-bit signed integer type, PostgreSQL will treat the column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan.
This behavior is configurable via ActiveRecord::Base.raise_int_wider_than_64bit which defaults to true.

CVE-2023-28362

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

CVE-2023-38037

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions default to the user's current `umask` settings, meaning that it is possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it.

CVE-2024-41128

Action Pack is a framework for handling and responding to web requests. There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch.
Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability.

CVE-2024-47887

Action Pack is a framework for handling and responding to web requests. There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication.
For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability.

CVE-2024-47888

Action Text brings rich text content and editing to Rails.
There is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node` helper in Action Text.
Carefully crafted text can cause the `plain_text_for_blockquote_node` helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability.

CVE-2024-47889

Action Mailer is a framework for designing email service layers.
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability.

CVE-2024-54133

Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper.
Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP.
This could lead to a bypass of the CSP and its protection against XSS and other attacks.
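The following Ruby snippet is an added illustration of the CVE-2024-54133 failure mode, not code from the advisory or from Rails: it builds a CSP header from a directive hash, parses it back the way a browser splits directives, and shows a hypothetical `safe_csp_source?` check (an assumption, not the Rails fix) that rejects values carrying directive or header separators before they are embedded.

```ruby
# Added example (not from the advisory or from Rails): an unvalidated
# dynamic source value can change the structure of a CSP header, and a
# validation step that refuses such values before they are embedded.

# Build a Content-Security-Policy header value from a directive hash.
# Sources are joined with spaces and directives with "; ", which is
# exactly how a browser will split them again.
def build_csp(directives)
  directives.map { |name, sources| "#{name} #{sources.join(' ')}" }.join('; ')
end

# Parse a CSP header as a browser does: split on ";" into directives,
# then on ASCII whitespace into the directive name and its sources.
def parse_csp(header)
  header.split(';').map(&:strip).reject(&:empty?).map do |directive|
    name, *sources = directive.split(/\s+/)
    [name, sources]
  end.to_h
end

# Hypothetical validator (assumption, not the upstream fix): a single
# source value may not contain ";" (directive separator), "," (policy
# separator in the HTTP header) or whitespace (source separator).
def safe_csp_source?(value)
  return false if value.nil? || value.empty?
  !value.match?(/[;,\s]/)
end

# Build a policy whose frame-src includes a caller-supplied value,
# raising instead of emitting a header if that value could add directives.
def csp_with_frame_source(untrusted_value)
  unless safe_csp_source?(untrusted_value)
    raise ArgumentError, "invalid CSP source: #{untrusted_value.inspect}"
  end
  build_csp('default-src' => ["'self'"],
            'frame-src' => ["'self'", untrusted_value])
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: a value that smuggles a second directive.
  injected = "https://frames.example; script-src *"
  raw = build_csp('default-src' => ["'self'"], 'frame-src' => ["'self'", injected])
  puts "unvalidated directives: #{parse_csp(raw).keys.inspect}"
  puts "validated header: #{csp_with_frame_source('https://frames.example')}"
end
```

Run stand-alone, the unvalidated build yields three directives (the injected `script-src` included), while the validated path emits the two-directive header or raises.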

For Debian 11 bullseye, these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u3.

We recommend that you upgrade your rails packages.

For the detailed security status of rails please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/rails

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the rails packages.

See Also

https://security-tracker.debian.org/tracker/source-package/rails

https://security-tracker.debian.org/tracker/CVE-2022-44566

https://security-tracker.debian.org/tracker/CVE-2023-28362

https://security-tracker.debian.org/tracker/CVE-2023-38037

https://security-tracker.debian.org/tracker/CVE-2024-41128

https://security-tracker.debian.org/tracker/CVE-2024-47887

https://security-tracker.debian.org/tracker/CVE-2024-47888

https://security-tracker.debian.org/tracker/CVE-2024-47889

https://security-tracker.debian.org/tracker/CVE-2024-54133

https://packages.debian.org/source/bullseye/rails

Plugin Details

Severity: High

ID: 276881

File Name: debian_DLA-4383.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/25/2025

Updated: 11/25/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-44566

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-47889

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:ruby-rails, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:ruby-railties, p-cpe:/a:debian:debian_linux:ruby-actionmailbox, p-cpe:/a:debian:debian_linux:ruby-actiontext, p-cpe:/a:debian:debian_linux:ruby-activerecord, p-cpe:/a:debian:debian_linux:ruby-activestorage, p-cpe:/a:debian:debian_linux:ruby-actioncable, p-cpe:/a:debian:debian_linux:ruby-activejob, p-cpe:/a:debian:debian_linux:ruby-actionpack, p-cpe:/a:debian:debian_linux:ruby-actionview, p-cpe:/a:debian:debian_linux:ruby-actionmailer, p-cpe:/a:debian:debian_linux:ruby-activesupport, p-cpe:/a:debian:debian_linux:ruby-activemodel, p-cpe:/a:debian:debian_linux:rails

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/25/2025

Vulnerability Publication Date: 1/18/2023

Reference Information

CVE: CVE-2022-44566, CVE-2023-28362, CVE-2023-38037, CVE-2024-41128, CVE-2024-47887, CVE-2024-47888, CVE-2024-47889, CVE-2024-54133