There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized. When these strings are mutated, the tag should be removed to mark them as no longer being html_safe.
Created rubygem-activesupport tracking bugs for this issue: Affects: epel-all [bug 2179645] Affects: fedora-all [bug 2179644]
This issue has been addressed in the following products: RHOL-5.6-RHEL-8 Via RHSA-2023:1953 https://access.redhat.com/errata/RHSA-2023:1953
This issue has been addressed in the following products: RHOL-5.7-RHEL-8 Via RHSA-2023:3495 https://access.redhat.com/errata/RHSA-2023:3495
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-28120