Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
89850fca by Salvatore Bonaccorso at 2021-02-12T15:55:32+01:00
Add references for CVE-2021-22881/rails
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9647,6 +9647,9 @@ CVE-2021-22882
CVE-2021-22881 (The Host Authorization middleware in Action Pack before
6.1.2.1, 6.0.3 ...)
- rails <unfixed>
NOTE:
https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
+ NOTE: https://hackerone.com/reports/1047447
+ NOTE:
https://github.com/rails/rails/commit/83a6ac3fee8fd538ce7e0088913ff54f0f9bcb6f
(main)
+ NOTE:
https://github.com/rails/rails/commit/e33092740b3cc05f5abee197a5982eac31947e92
(v6.0.3.5)
CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1,
6.0.3.5, 5.2.4 ...)
- rails <unfixed>
NOTE:
https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89850fcae829216963a1c0a633fd15a74260c300
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89850fcae829216963a1c0a633fd15a74260c300
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
