Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc37ec04 by Moritz Mühlenhoff at 2024-10-18T13:05:35+02:00
new rails issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -377,9 +377,13 @@ CVE-2024-48180 (ClassCMS <=4.8 is vulnerable to file 
inclusion in the nowView me
 CVE-2024-47889 (Action Mailer is a framework for designing email service 
layers. Start ...)
        TODO: check
 CVE-2024-47888 (Action Text brings rich text content and editing to Rails. 
Starting in ...)
-       TODO: check
+       - rails <unfixed>
+       NOTE: 
https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
+       NOTE: 
https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
 CVE-2024-47887 (Action Pack is a framework for handling and responding to web 
requests ...)
-       TODO: check
+       - rails <unfixed>
+       NOTE: 
https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
+       NOTE: 
https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
 CVE-2024-46213 (REDAXO CMS v2.11.0 was discovered to contain a remote code 
execution ( ...)
        NOT-FOR-US: REDAXO CMS
 CVE-2024-46212 (An issue in the component /index.php?page=backup/export of 
REDAXO CMS  ...)
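Review bot: CVE-2024-47889 is still left at `TODO: check` in this hunk, although its description names Action Mailer, which is a Rails component just like the Action Text and Action Pack entries triaged directly below it. If it belongs with the other rails issues in this commit, give it the same `- rails <unfixed>` line with its advisory and commit NOTEs; if it was skipped on purpose, a short NOTE saying why would save the next triager from repeating the check.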
@@ -510,7 +514,9 @@ CVE-2024-45072 (IBM WebSphere Application Server 8.5 and 
9.0 is vulnerable to an
 CVE-2024-45071 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
stored c ...)
        NOT-FOR-US: IBM
 CVE-2024-41128 (Action Pack is a framework for handling and responding to web 
requests ...)
-       TODO: check
+       - rails <unfixed>
+       NOTE: 
https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
+       NOTE: 
https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
 CVE-2024-38814 (An authenticated SQL injection vulnerability in VMware HCX was 
private ...)
        NOT-FOR-US: VMware
 CVE-2024-29155 (On Microchip RN4870 devices, when more than one consecutive 
PairReqNoI ...)
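Review bot: the new CVE-2024-41128 entry carries `- rails <unfixed>` plus the advisory and a single upstream commit, but no NOTE on which rails versions are affected, so the per-suite status still has to be worked out from the advisory every time. Consider adding a NOTE with the affected range and the fixed upstream release once that has been checked, so the entry can be resolved per suite without reopening the upstream links.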



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc37ec04d0ea3adeb24b47ac35a937203ff01010
