| Name | CVE-2025-24293 |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| rails (PTS) | bullseye (security), bullseye | 2:6.0.3.7+dfsg-2+deb11u2 | vulnerable |
| bookworm, bookworm (security) | 2:6.1.7.10+dfsg-1~deb12u1 | vulnerable |
| forky, trixie | 2:7.2.2.1+dfsg-7 | vulnerable |
| sid | 2:7.2.2.2+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| rails | source | (unstable) | 2:7.2.2.2+dfsg-1 | | | |
Notes
https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce (v8.0.2.1)
https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b (v8.0.2.1)
https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13 (v7.2.2.2)
https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202 (v7.2.2.2)
https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354 (v7.1.5.2)
https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290 (v7.1.5.2)