Skip to main content

Insecure Temporary File

CVE-2023-38037

Severity High
Score 7.1/10

Summary

There is a possible file disclosure of locally encrypted files in activesupport and railties in versions 5.2.0.beta1 through 6.1.7.4 and 7.0.0.alpha1 through 7.0.7.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-377 - Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Advisory Timeline

  • Published