diff --git a/CVE-2022-23633.patch b/CVE-2022-23633.patch
new file mode 100644
index 0000000..eed6167
--- /dev/null
+++ b/CVE-2022-23633.patch
@@ -0,0 +1,32 @@
+From 07d9600172a18b45791c89e95a642e13fc367545 Mon Sep 17 00:00:00 2001
+From: Jean Boussier
+Date: Fri, 11 Feb 2022 13:09:30 +0100
+Subject: [PATCH] ActionDispatch::Executor don't fully trust `body#close`
+
+Under certain circumstances, the middleware isn't informed that the
+response body has been fully closed which result in request state not
+being fully reset before the next request.
+
+[CVE-2022-23633]
+---
+ .../action_dispatch/middleware/executor.rb | 2 +-
+ actionpack/test/dispatch/executor_test.rb | 21 ++++++++++++++
+ 2 files changed, 15 insertions(+), 1 deletions(-)
+
+diff --git a/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/executor.rb b/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/executor.rb
+index 129b18d3d9..a32f916260 100644
+--- a/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/executor.rb
++++ b/usr/share/gems/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/executor.rb
+@@ -9,7 +9,7 @@ def initialize(app, executor)
+ end
+
+ def call(env)
+- state = @executor.run!
++ state = @executor.run!(reset: true)
+ begin
+ response = @app.call(env)
+ returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+
+--
+2.25.1
+
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index f48a5c7..6a0d256 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
@@ -4,7 +4,7 @@ Name: rubygem-%{gem_name}
 Epoch: 1
 Version: 5.2.4.4
-Release: 4
+Release: 5
 Summary: Web-flow and rendering framework putting the VC in MVC (part of Rails)
 License: MIT
 URL: http://rubyonrails.org
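Review bot: The added `state = @executor.run!(reset: true)` passes a keyword that nothing in this package defines; as far as I recall, the upstream fix for CVE-2022-23633 introduced that `reset:` keyword on ActiveSupport's execution wrapper in the same change, and if the activesupport gem installed alongside this actionpack does not carry it, `run!` would raise ArgumentError on every request before `@app.call(env)` is reached, turning the security fix into a denial of service. The patch should either be shipped together with a matching activesupport update (and the spec should express that dependency) or carry the activesupport hunk itself. The embedded diffstat also claims `2 files changed` with 21 insertions in `actionpack/test/dispatch/executor_test.rb`, but only the executor.rb hunk is present; either restore the test hunk or drop the stale stat so the patch describes what it applies. The body of `Executor#call` continues past the end of the embedded hunk.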
@@ -16,6 +16,8 @@ Patch1: CVE-2021-22904.patch
 Patch2: CVE-2023-22792.patch
 # https://github.com/rails/rails/commit/484fc9185db6c6a6a49ab458b11f9366da02bab2
 Patch3: CVE-2023-22795.patch
+# https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08
+Patch3000: CVE-2022-23633.patch
 BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2
 %if ! 0%{?bootstrap}
@@ -44,6 +46,7 @@ Documentation for %{name}.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch3000 -p1
 %build
@@ -74,6 +77,12 @@ popd
 %doc %{gem_instdir}/README.rdoc
 %changelog
+* Tue Jun 25 2024 zouzhimin - 1:5.2.4.4-5
+- Type:CVES
+- ID:CVE-2022-23633
+- SUG:NA
+- DESC:fix CVE-2022-23633
+
 * Mon Feb 05 2024 yaoxin - 1:5.2.4.4-4
 - Fix CVE-2023-22792 and CVE-2023-22795
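Review bot: The comment added above `Patch3000` points to commit ddaf5058350b3a72f59b7c3e0d713678354b9a08, while the patch file being added carries `From 07d9600172a18b45791c89e95a642e13fc367545` in its header, so someone auditing the backport cannot tell which upstream commit the patch actually came from. Either make the comment match the patch's From line or, if the patch was rebased from a different branch commit, say so, e.g. `# backport of <UPSTREAM_COMMIT>, rebased onto 5.2.4.4`. The `Patch3000` number also breaks the `Patch1`..`Patch3` sequence used so far; `Patch4: CVE-2022-23633.patch` with `%patch4 -p1` in the later hunk keeps the list readable. Because the patch adds a `run!(reset: true)` call whose keyword is not defined in this package, consider a `Requires:` on an activesupport build that carries the matching change, if one exists for this version.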