Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
330c279b by Sylvain Beucler at 2026-05-05T09:16:29+02:00
CVE-2022-32224/rails: link regression discussion
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -397753,8 +397753,9 @@ CVE-2022-32224 (A possible escalation to RCE
vulnerability exists when using YAM
NOTE: Fixed by:
https://github.com/rails/rails/commit/8ce4bd1be83c08c30c34af4d0f1a726066128176
(v6.1.6.1)
NOTE: Fixed by:
https://github.com/rails/rails/commit/d28f278788b599c0a9f6e3ea437c6642eb56f16c
(v6.0.5.1)
NOTE: Fixed by:
https://github.com/rails/rails/commit/6576aa7bbcf52ebd39853363e29f92b4dd53b6f1
(v5.2.8.1)
- NOTE: "This may introduce backwards compatibility issues with existing
data."
NOTE: Psych 4.0 redirects 'YAML.load' from 'YAML.unsafe_load' to
'YAML.safe_load'; 'unsafe_load' introduced in 3.3.2.
+ NOTE: "This may introduce backwards compatibility issues with existing
data."
+ NOTE: https://lists.debian.org/debian-lts/2022/09/msg00004.html
CVE-2022-32223 (Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking
under ce ...)
- nodejs <not-affected> (Only affects Windows)
NOTE:
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dll-hijacking-on-windows-high-cve-2022-32223
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330c279bfa2f11e33c4776262ce6aa72f58f0cec
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/330c279bfa2f11e33c4776262ce6aa72f58f0cec
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
