/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-cp5v-2q2h-78cq

Published

Last updated

https://images.chainguard.dev/security/CGA-cp5v-2q2h-78cq
Package

ruby-3.2

RepositoryWolfi
Latest Update
Not affected
Aliases
  • CVE-2023-5363
  • GHSA-xw78-pcr6-wrg8

Severity

7.5

High

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-5363
  • https://github.com/advisories/GHSA-xw78-pcr6-wrg8

Updates

Status

Not affected

Justification

Vulnerable code not in execute path

Impact

Some scanners misattribute the Ruby OpenSSL gem version as being the OpenSSL version, generating an alert for this vulnerability. Others may also detect a version string in Ruby's bundled OpenSSL shared object, however this is not used. At the time of writing, the underlying OpenSSL version is 3.5.2 which is not vulnerable to CVE-2023-5363

Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal