AVG-2090 log
| Package | gitlab |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 13.12.3-1 |
| Fixed | 14.0.0-1 |
| Current | 17.6.0-1 [extra] |
| Ticket | None |
| Created | Mon Jun 21 22:11:22 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-22904 | Low | Yes | Denial of service | There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6... |
| CVE-2021-22902 | Low | Yes | Denial of service | There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can... |
| CVE-2021-22885 | Medium | Yes | Information disclosure | There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when... |
| Notes |
|---|
Action Pack version 6.0.3.6 is bundled in GitLab version 13.12.3, Action Pack version 6.1.3.2 is bundled in GitLab version 14.0.0. |