[Git][security-tracker-team/security-tracker][master] Add CVE-2022-27777/rails

Wed, 01 Jun 2022 23:49:52 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
882d5839 by Salvatore Bonaccorso at 2022-06-02T08:48:38+02:00
Add CVE-2022-27777/rails

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12621,7 +12621,14 @@ CVE-2022-27778 [curl: removes wrong file on error]
        NOTE: https://curl.se/docs/CVE-2022-27778.html
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 
(curl-7_83_1)
 CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and 
< 5. ...)
-       TODO: check
+       - rails <unfixed>
+       NOTE: 
https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
+       NOTE: Fixed by: 
https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180 
(v6.1.5.1)
+       NOTE: Regression fix: 
https://github.com/rails/rails/commit/7c2da9e51c5c02643f30d83aaad3ed5062adcad8 
(6.1.6)
+       NOTE: Fixed by: 
https://github.com/rails/rails/commit/36a6dad07d572a0098c29d6d96a226638a7caa38 
(v6.0.4.8)
+       NOTE: Regression fix: 
https://github.com/rails/rails/commit/1b5df893d82a27da907e9b8b75deff13179d1df3 
(v6.0.5)
+       NOTE: Fixed by: 
https://github.com/rails/rails/commit/1278c0f0b4a18ea199f92b666b8b94954a74c20b 
(v5.2.7.1)
+       NOTE: Regression fix: 
https://github.com/rails/rails/commit/a1b8a9b5e5a905d0aeabf532e3f6b74116d5cce6 
(v5.2.8)
 CVE-2022-27776 [Auth/cookie leak on redirect]
        RESERVED
        - curl 7.83.0-1 (bug #1010252)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/882d583994ff4800ae4acffb7fbdabf9d631a147

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/882d583994ff4800ae4acffb7fbdabf9d631a147
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to