AVG-1904

Package gitlab
Status Vulnerable
Severity Medium
Type multiple issues
Affected 13.11.3-1
Fixed Unknown
Current 13.11.3-1 [community-testing]
13.10.4-1 [community]
Created Sun May 2 18:02:58 2021
Issue Severity Remote Type Description
CVE-2021-31799 Medium Yes Arbitrary command execution
RDoc before version 6.3.1 used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with "|" and ends with "tags", the...
CVE-2021-22904 Low Yes Denial of service
There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions,,
CVE-2021-22902 Low Yes Denial of service
There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before and Carefully crafted Accept headers can...
CVE-2021-22885 Medium Yes Information disclosure
There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions,, and 5.2.6 when...
RDoc version 6.1.2 and Action Pack version are bundled in GitLab version 13.11.3.