[Git][security-tracker-team/security-tracker][master] CVE-2024-26144/rails: clarify not-affected rationale

Sat, 09 May 2026 13:26:02 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a73ece61 by Sylvain Beucler at 2026-05-09T22:25:46+02:00
CVE-2024-26144/rails: clarify not-affected rationale

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -277950,13 +277950,14 @@ CVE-2021-46907
 CVE-2024-26144 (Rails is a web-application framework. Starting with version 
5.2.0, the ...)
        {DSA-5881-1}
        - rails 2:7.2.2.1+dfsg-1 (bug #1065119)
-       [bullseye] - rails <not-affected> (vulnerable code not present; 
introduced in 6.1)
+       [bullseye] - rails <not-affected> (Vulnerable code introduced in 6.1)
        NOTE: 
https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
        NOTE: 
https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
        NOTE: 
https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433 
(v7.0.8.1)
        NOTE: 
https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3 
(v6.1.7.7)
+       NOTE: Test case: 
https://github.com/rails/rails/commit/6f65662e70c0e9910166976169fc54ae62a96571 
(v8.1.0.beta1)
        NOTE: Introduced by: 
https://github.com/rails/rails/commit/dfb5a82b259e134eac89784ac4ace0c44d1b4aee 
(v6.1.0rc1)
-       NOTE: Proxying was introduced in v6.1.0
+       NOTE: Active Storage Proxy Mode introduced in 6.1, Redirect Mode not 
affected (Cache-Control: private)
 CVE-2024-27092 (Hoppscotch is an API development ecosystem.  Due to lack of 
validation ...)
        NOT-FOR-US: Hoppscotch
 CVE-2024-27088 (es5-ext contains ECMAScript 5 extensions. Passing functions 
with very  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a73ece6123bcca8b56354cf517db1c62d71a2e68

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a73ece6123bcca8b56354cf517db1c62d71a2e68
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to