Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8830226b by Salvatore Bonaccorso at 2024-02-27T22:06:18+01:00
Add CVE-2024-26143/rails
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -139,7 +139,10 @@ CVE-2024-26470 (A host header injection vulnerability in
the forgot password fun
CVE-2024-26464 (net-snmp 5.9.4 contains a memory leak vulnerability in
/net-snmp/apps/ ...)
TODO: check
CVE-2024-26143 (Rails is a web-application framework. There is a possible XSS
vulnerab ...)
- TODO: check
+ - rails <not-affected> (Vulnerable code not present)
+ NOTE:
https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
+ NOTE:
https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
(v7.0.8.1)
+ NOTE:
https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
(v7.1.3.1)
CVE-2024-26142 (Rails is a web-application framework. Starting in version
7.1.0, there ...)
- rails <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8830226b0c94414c066b571c75d66e8ee4853a78
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8830226b0c94414c066b571c75d66e8ee4853a78
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
